openapi: 3.0.1 info: title: Signal Server API license: name: AGPL-3.0-only url: https://www.gnu.org/licenses/agpl-3.0.txt servers: - url: https://chat.signal.org description: Production service - url: https://chat.staging.signal.org description: Staging service paths: /v1/accounts/account/{identifier}: head: tags: - Account summary: Check whether an account exists description: | Enforced unauthenticated endpoint. Checks whether an account with a given identifier exists. operationId: accountExists parameters: - name: identifier in: path description: An ACI or PNI account identifier to check required: true schema: $ref: '#/components/schemas/ServiceIdentifier' responses: "200": description: An account with the given identifier was found. "400": description: Request must not be authenticated. "404": description: An account was not found for the given identifier. "422": description: Invalid request format. "429": description: Rate-limited. security: - authenticatedAccount: [] - {} /v1/accounts/username_hash/confirm: put: tags: - Account summary: Confirm username hash description: | Authenticated endpoint. For a previously reserved username hash, confirm that this username hash is now taken by this account. operationId: confirmUsernameHash requestBody: content: application/json: schema: $ref: '#/components/schemas/ConfirmUsernameHashRequest' required: true responses: "200": description: Username hash confirmed successfully. content: application/json: schema: $ref: '#/components/schemas/UsernameHashResponse' "401": description: Account authentication check failed. "409": description: Given username hash doesn't match the reserved one or no reservation found. "410": description: Username hash not available (username can't be used). "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/accounts/me: delete: tags: - Account operationId: deleteAccount responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/apn: put: tags: - Account operationId: setApnRegistrationId requestBody: content: application/json: schema: $ref: '#/components/schemas/ApnRegistrationId' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] delete: tags: - Account operationId: deleteApnRegistrationId responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/gcm: put: tags: - Account operationId: setGcmRegistrationId requestBody: content: application/json: schema: $ref: '#/components/schemas/GcmRegistrationId' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] delete: tags: - Account operationId: deleteGcmRegistrationId responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/username_hash: delete: tags: - Account summary: Delete username hash description: | Authenticated endpoint. Deletes previously stored username for the account. operationId: deleteUsernameHash responses: "204": description: Username successfully deleted. "401": description: Account authentication check failed. security: - authenticatedAccount: [] /v1/accounts/username_link: put: tags: - Account summary: Set username link description: | Authenticated endpoint. For the given encrypted username generates a username link handle. The username link handle can be used to lookup the encrypted username. An account can only have one username link at a time; this endpoint overwrites the previous encrypted username if there was one. operationId: updateUsernameLink requestBody: content: application/json: schema: $ref: '#/components/schemas/EncryptedUsername' required: true responses: "200": description: Username Link updated successfully. content: application/json: schema: $ref: '#/components/schemas/UsernameLinkHandle' "401": description: Account authentication check failed. "409": description: Username is not set for the account. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] delete: tags: - Account summary: Delete username link description: | Authenticated endpoint. Deletes username link for the given account: previously store encrypted username is deleted and username link handle is deactivated. operationId: deleteUsernameLink responses: "204": description: Username Link successfully deleted. "401": description: Account authentication check failed. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/accounts/username_hash/{usernameHash}: get: tags: - Account summary: Lookup username hash description: | Forced unauthenticated endpoint. For the given username hash, look up a user ID. operationId: lookupUsernameHash parameters: - name: usernameHash in: path required: true schema: type: string responses: "200": description: Account found for the given username. content: application/json: schema: $ref: '#/components/schemas/AccountIdentifierResponse' "400": description: Request must not be authenticated. "404": description: Account not found for the given username. security: - authenticatedAccount: [] - {} /v1/accounts/username_link/{uuid}: get: tags: - Account summary: Lookup username link description: | Enforced unauthenticated endpoint. For the given username link handle, looks up the database for an associated encrypted username. If found, encrypted username is returned, otherwise responds with 404 Not Found. operationId: lookupUsernameLink parameters: - name: uuid in: path required: true schema: type: string format: uuid responses: "200": description: Username link with the given handle was found. content: application/json: schema: $ref: '#/components/schemas/EncryptedUsername' "400": description: Request must not be authenticated. "404": description: Username link was not found for the given handle. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] - {} /v1/accounts/registration_lock: put: tags: - Account operationId: setRegistrationLock requestBody: content: '*/*': schema: $ref: '#/components/schemas/RegistrationLock' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] delete: tags: - Account operationId: removeRegistrationLock responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/accounts/username_hash/reserve: put: tags: - Account summary: Reserve username hash description: | Authenticated endpoint. Takes in a list of hashes of potential username hashes, finds one that is not taken, and reserves it for the current account. operationId: reserveUsernameHash requestBody: content: application/json: schema: $ref: '#/components/schemas/ReserveUsernameHashRequest' required: true responses: "200": description: Username hash reserved successfully. content: application/json: schema: $ref: '#/components/schemas/ReserveUsernameHashResponse' "401": description: Account authentication check failed. "409": description: All username hashes from the list are taken. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] /v1/accounts/attributes: put: tags: - Account operationId: setAccountAttributes parameters: - name: X-Signal-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/AccountAttributes' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/accounts/name: put: tags: - Account summary: Set a device's encrypted name description: | Sets the encrypted name for the specified device. Primary devices may change the name of any device associated with their account, but linked devices may only change their own name. If no device ID is specified, then the authenticated device's ID will be used. operationId: setName parameters: - name: deviceId in: query schema: type: string description: "The ID of the device for which to set a name; if omitted,\ \ the authenticated device will be targeted for a name change" format: byte requestBody: content: '*/*': schema: $ref: '#/components/schemas/DeviceName' required: true responses: "204": description: Device name changed successfully "404": description: No device found with the given ID "403": description: Not authorized to change the name of the device with the given ID security: - authenticatedAccount: [] /v1/accounts/whoami: get: tags: - Account operationId: whoAmI responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' security: - authenticatedAccount: [] /v2/accounts/number: put: tags: - Account summary: Change number description: Changes a phone number for an existing account. operationId: changeNumber parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ChangeNumberRequest' required: true responses: "200": description: The phone number associated with the authenticated account was changed successfully content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' "401": description: Account authentication check failed. "403": description: Verification failed for the provided Registration Recovery Password "409": description: Mismatched number of devices or device ids in 'devices to notify' list content: application/json: schema: $ref: '#/components/schemas/MismatchedDevicesResponse' "410": description: Mismatched registration ids in 'devices to notify' list content: application/json: schema: $ref: '#/components/schemas/StaleDevicesResponse' "413": description: One or more device messages was too large "422": description: The request did not pass validation "423": content: application/json: schema: $ref: '#/components/schemas/RegistrationLockFailure' "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v2/accounts/phone_number_identity_key_distribution: put: tags: - Account summary: Set phone-number identity keys description: Updates key material for the phone-number identity for all devices and sends a synchronization message to companion devices operationId: distributePhoneNumberIdentityKeys parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/PhoneNumberIdentityKeyDistributionRequest' required: true responses: "200": description: Indicates the transaction was successful and returns basic information about this account. content: application/json: schema: $ref: '#/components/schemas/AccountIdentityResponse' "401": description: Account authentication check failed. "403": description: This endpoint can only be invoked from the account's primary device. "422": description: The request body failed validation. "409": description: The set of devices specified in the request does not match the set of devices active on the account. content: application/json: schema: $ref: '#/components/schemas/MismatchedDevicesResponse' "410": description: The registration IDs provided for some devices do not match those stored on the server. content: application/json: schema: $ref: '#/components/schemas/StaleDevicesResponse' "413": description: One or more device messages was too large security: - authenticatedAccount: [] /v2/accounts/data_report: get: tags: - Account summary: Produces a report of non-ephemeral account data stored by the service operationId: getAccountDataReport responses: "200": description: Response with data report. A plain text representation is a field in the response. content: application/json: schema: $ref: '#/components/schemas/AccountDataReportResponse' security: - authenticatedAccount: [] /v2/accounts/phone_number_discoverability: put: tags: - Account summary: Sets whether the account should be discoverable by phone number in the directory. operationId: setPhoneNumberDiscoverability requestBody: content: application/json: schema: $ref: '#/components/schemas/PhoneNumberDiscoverabilityRequest' required: true responses: "204": description: The setting was successfully updated. security: - authenticatedAccount: [] /v1/archives/upload/form: get: tags: - Archive summary: Fetch message backup upload form description: Retrieve an upload form that can be used to perform a resumable upload of a message backup. operationId: backup parameters: - name: User-Agent in: header schema: type: string - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string responses: "200": content: application/json: schema: $ref: '#/components/schemas/UploadDescriptorResponse' "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives: get: tags: - Archive summary: Fetch backup info description: Retrieve information about the currently stored backup operationId: backupInfo parameters: - name: User-Agent in: header schema: type: string - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string responses: "200": content: application/json: schema: $ref: '#/components/schemas/BackupInfoResponse' "404": description: No existing backups found "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} post: tags: - Archive summary: Refresh backup description: | Indicate that this backup is still active. Clients must periodically upload new backups or perform a refresh via a POST request. If a backup is not refreshed, after 30 days it may be deleted. operationId: refresh parameters: - name: User-Agent in: header schema: type: string - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string responses: "204": description: The backup was successfully refreshed "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} delete: tags: - Archive summary: Delete entire backup description: | Delete all backup metadata, objects, and stored public key. To use backups again, a public key must be resupplied. operationId: deleteBackup parameters: - name: User-Agent in: header schema: type: string - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string responses: "204": description: The backup has been successfully removed "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives/media/batch: put: tags: - Archive summary: Batched backup media description: | Copy and re-encrypt media from the attachments cdn into the backup cdn. The original already encrypted attachment will be encrypted with the provided key material before being copied If the batch request is processed at all, a 207 will be returned and the outcome of each constituent copy will be provided as a separate entry in the response. operationId: copyMedia parameters: - name: User-Agent in: header schema: type: string - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CopyMediaBatchRequest' required: true responses: "207": description: | The request was processed and each operation's outcome must be inspected individually. This does NOT necessarily indicate the operation was a success. content: application/json: schema: $ref: '#/components/schemas/CopyMediaBatchResponse' "413": description: All media capacity has been consumed. Free some space to continue. "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives/media: get: tags: - Archive summary: List media objects description: | Retrieve a list of media objects stored for this backup-id. A client may have previously stored media objects that are no longer referenced in their current backup. To reclaim storage space used by these orphaned objects, perform a list operation and remove any unreferenced media objects via DELETE /v1/backups/. operationId: listMedia parameters: - name: User-Agent in: header schema: type: string - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string - name: cursor in: query description: A cursor returned by a previous call schema: type: string - name: limit in: query description: The number of entries to return per call schema: type: integer format: int32 responses: "200": content: application/json: schema: $ref: '#/components/schemas/ListResponse' "400": description: Bad arguments. The request may have been made on an authenticated channel "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) security: - authenticatedAccount: [] - {} put: tags: - Archive summary: Backup media description: | Copy and re-encrypt media from the attachments cdn into the backup cdn. The original, already encrypted, attachment will be encrypted with the provided key material before being copied. A particular destination media id should not be reused with a different source media id or different encryption parameters. operationId: copyMedia_1 parameters: - name: User-Agent in: header schema: type: string - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CopyMediaRequest' required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/CopyMediaResponse' "400": description: Bad arguments. The request may have been made on an authenticated channel "413": description: All media capacity has been consumed. Free some space to continue. "410": description: The source object was not found. "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) security: - authenticatedAccount: [] - {} /v1/archives/media/delete: post: tags: - Archive summary: Delete media objects description: Delete media objects stored with this backup-id operationId: deleteMedia parameters: - name: User-Agent in: header schema: type: string - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string requestBody: content: '*/*': schema: $ref: '#/components/schemas/DeleteMedia' required: true responses: "204": description: The provided objects were successfully deleted or they do not exist "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives/auth: get: tags: - Archive summary: 'Fetch ZK credentials ' description: | After setting a blinded backup-id with PUT /v1/archives/, this fetches credentials that can be used to perform operations against that backup-id. Clients may (and should) request up to 7 days of credentials at a time. The redemptionStart and redemptionEnd seconds must be UTC day aligned, and must not span more than 7 days. Each credential contains a receipt level which indicates the backup level the credential is good for. If the account has paid backup access that expires at some point in the provided redemption window, credentials with redemption times after the expiration may be on a lower backup level. Clients must validate the receipt level on the credential matches a known receipt level before using it. operationId: getBackupZKCredentials parameters: - name: User-Agent in: header schema: type: string - name: redemptionStartSeconds in: query required: true schema: type: integer format: int64 - name: redemptionEndSeconds in: query required: true schema: type: integer format: int64 responses: "200": content: application/json: schema: $ref: '#/components/schemas/BackupAuthCredentialsResponse' "400": description: The start/end did not meet alignment/duration requirements "404": description: Could not find an existing blinded backup id "429": description: Rate limited. security: - authenticatedAccount: [] /v1/archives/auth/read: get: tags: - Archive summary: Get CDN read credentials description: Retrieve credentials used to read objects stored on the backup cdn operationId: readAuth parameters: - name: User-Agent in: header schema: type: string - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string - name: cdn in: query description: The number of the CDN to get credentials for required: true schema: type: integer format: int32 responses: "200": content: application/json: schema: $ref: '#/components/schemas/ReadAuthResponse' "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives/redeem-receipt: post: tags: - Archive summary: Redeem receipt description: | Redeem a receipt acquired from /v1/subscription/{subscriberId}/receipt_credentials to mark the account as eligible for the paid backup tier. After successful redemption, subsequent requests to /v1/archive/auth will return credentials with the level on the provided receipt until the expiration time on the receipt. Accounts must have an existing backup credential request in order to redeem a receipt. This request will fail if the account has not already set a backup credential request via PUT `/v1/archives/backupid`. operationId: redeemReceipt requestBody: content: application/json: schema: $ref: '#/components/schemas/RedeemBackupReceiptRequest' required: true responses: "204": description: The receipt was redeemed "400": description: The provided presentation or receipt was invalid "409": description: The target account does not have a backup-id commitment "429": description: Rate limited. security: - authenticatedAccount: [] /v1/archives/backupid: put: tags: - Archive summary: Set backup id description: | Set a (blinded) backup-id for the account. Each account may have a single active backup-id that can be used to store and retrieve backups. Once the backup-id is set, BackupAuthCredentials can be generated using /v1/archives/auth. The blinded backup-id and the key-pair used to blind it should be derived from a recoverable secret. operationId: setBackupId requestBody: content: application/json: schema: $ref: '#/components/schemas/SetBackupIdRequest' required: true responses: "204": description: The backup-id was set "400": description: The provided backup auth credential request was invalid "429": description: Rate limited. Too many attempts to change the backup-id have been made security: - authenticatedAccount: [] /v1/archives/keys: put: tags: - Archive summary: Set public key description: | Permanently set the public key of an ED25519 key-pair for the backup-id. All requests that provide a anonymous BackupAuthCredentialPresentation (including this one!) must also sign the presentation with the private key corresponding to the provided public key. operationId: setPublicKey parameters: - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SetPublicKeyRequest' required: true responses: "204": description: The public key was set "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v1/archives/media/upload/form: get: tags: - Archive summary: Fetch media attachment upload form description: | Retrieve an upload form that can be used to perform a resumable upload of an attachment. After uploading, the attachment can be copied into the backup at PUT /archives/media/. Like the account authenticated version at /attachments, the uploaded object is only temporary. operationId: uploadTemporaryAttachment parameters: - name: User-Agent in: header schema: type: string - name: X-Signal-ZK-Auth in: header description: "Presentation of a ZK backup auth credential acquired from /v1/archives/auth,\ \ encoded in standard padded base64" required: true schema: type: string - name: X-Signal-ZK-Auth-Signature in: header description: "Signature of the ZK auth credential's presentation, encoded\ \ in standard padded base64" required: true schema: type: string responses: "200": content: application/json: schema: $ref: '#/components/schemas/UploadDescriptorResponse' "429": description: Rate limited. "403": description: Forbidden. The request had insufficient permissions to perform the requested action "401": description: |- The provided backup auth credential presentation could not be verified or The public key signature was invalid or There is no backup associated with the backup-id in the presentation or The credential was of the wrong type (messages/media) "400": description: Bad arguments. The request may have been made on an authenticated channel security: - authenticatedAccount: [] - {} /v4/attachments/form/upload: get: tags: - Attachments summary: Get an upload form description: | Retrieve an upload form that can be used to perform a resumable upload. The response will include a cdn number indicating what protocol should be used to perform the upload. operationId: getAttachmentUploadForm responses: "200": description: "Success, response body includes upload form" content: application/json: schema: $ref: '#/components/schemas/AttachmentDescriptorV3' "413": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v1/call-link/create-auth: post: tags: - CallLink summary: Generate a credential for creating call links description: | Generate a credential over a truncated timestamp, room ID, and account UUID. With zero knowledge group infrastructure, the server does not know the room ID. operationId: getCreateAuth requestBody: content: '*/*': schema: $ref: '#/components/schemas/GetCreateCallLinkCredentialsRequest' required: true responses: "200": description: '`JSON` with generated credentials.' content: application/json: schema: $ref: '#/components/schemas/CreateCallLinkCredential' "400": description: Invalid create call link credential request. "401": description: Account authentication check failed. "422": description: Invalid request format. "429": description: Ratelimited. security: - authenticatedAccount: [] /v2/calling/relays: get: tags: - Calling summary: Get 1:1 calling relay options for the client description: | Get 1:1 relay addresses in IpV4, Ipv6, and URL formats. operationId: getCallingRelays responses: "200": description: '`JSON` with call endpoints.' content: application/json: schema: $ref: '#/components/schemas/GetCallingRelaysResponse' "400": description: Invalid get call endpoint request. "401": description: Account authentication check failed. "422": description: Invalid request format. "429": description: Rate limited. security: - authenticatedAccount: [] /v1/certificate/delivery: get: tags: - Certificate operationId: getDeliveryCertificate parameters: - name: includeE164 in: query schema: type: boolean default: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/DeliveryCertificate' security: - authenticatedAccount: [] /v1/certificate/auth/group: get: tags: - Certificate operationId: getGroupAuthenticationCredentials parameters: - name: User-Agent in: header schema: type: string - name: redemptionStartSeconds in: query schema: type: integer format: int64 - name: redemptionEndSeconds in: query schema: type: integer format: int64 responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/GroupCredentials' security: - authenticatedAccount: [] /v1/challenge: put: tags: - Challenge summary: Submit proof of a challenge completion description: | Some server endpoints (the "send message" endpoint, for example) may return a 428 response indicating the client must complete a challenge before continuing. Clients may use this endpoint to provide proof of a completed challenge. If successful, the client may then continue their original operation. operationId: handleChallengeResponse parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: oneOf: - $ref: '#/components/schemas/AnswerPushChallengeRequest' - $ref: '#/components/schemas/AnswerCaptchaChallengeRequest' responses: "200": description: Indicates the challenge proof was accepted "428": description: Submitted captcha token is invalid "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v1/challenge/push: post: tags: - Challenge summary: Request a push challenge description: | Clients may proactively request a push challenge by making an empty POST request. Push challenges will only be sent to the requesting account’s main device. When the push is received it may be provided as proof of completed challenge to /v1/challenge. APNs challenge payloads will be formatted as follows: ``` { "aps": { "sound": "default", "alert": { "loc-key": "APN_Message" } }, "rateLimitChallenge": "{CHALLENGE_TOKEN}" } ``` FCM challenge payloads will be formatted as follows: ``` {"rateLimitChallenge": "{CHALLENGE_TOKEN}"} ``` Clients may retry the PUT in the event of an HTTP/5xx response (except HTTP/508) from the server, but must implement an exponential back-off system and limit the total number of retries. operationId: requestPushChallenge responses: "200": description: | Indicates a payload to the account's primary device has been attempted. When clients receive a challenge push notification, they may issue a PUT request to /v1/challenge. "404": description: | The server does not have a push notification token for the authenticated account’s main device; clients may add a push token and try again "413": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v1/devicecheck/assert: get: tags: - DeviceCheck summary: Fetch an assert challenge description: | Retrieve a challenge to use in an attestation, which must be provided at `POST /v1/devicecheck/assert`. To produce the `clientDataHash` for [generateAssertion](https://developer.apple.com/documentation/devicecheck/dcappattestservice/generateassertion(_:clientdatahash:completionhandler:)), construct the request you intend to `POST` and include the returned challenge as the "challenge" field. Serialize the request as JSON and take the SHA256 of the request, as described [here](https://developer.apple.com/documentation/devicecheck/establishing-your-app-s-integrity#Assert-your-apps-validity-as-necessary). Note that the JSON body provided to the PUT must exactly match the input to the `clientDataHash` (field order, whitespace, etc matters) Repeat calls to retrieve a challenge may return the same challenge until it is used in a `POST`. Callers should attempt to only have a single outstanding challenge at any given time. operationId: assertChallenge parameters: - name: action in: query schema: type: string description: The type of action you will make an assertion for enum: - backup responses: "200": description: The response body includes a challenge "429": description: Ratelimited. security: - authenticatedAccount: [] post: tags: - DeviceCheck summary: Perform an attested action description: | Specify some action to take on the account via the request field. The request must exactly match the request you provide when [generating the assertion](https://developer.apple.com/documentation/devicecheck/dcappattestservice/generateassertion(_:clientdatahash:completionhandler:)). The request must include a challenge previously retrieved from `GET /v1/devicecheck/assert`. Each assertion increments the counter associated with the client's device key. This method enforces that no assertion with a counter lower than a counter we've already seen is allowed to execute. If a client issues multiple requests concurrently, or if they retry a request that had an indeterminate outcome, it's possible that the request will not be accepted because the server has already stored the updated counter. In this case the request may return 401, and the client should generate a fresh assert for the request. operationId: assertion parameters: - name: keyId in: query description: "The keyId, encoded with padded url-safe base64" required: true schema: type: string - name: request in: query description: | The asserted JSON request data, encoded as a string in padded url-safe base64. This must exactly match the request you use when generating the assertion (including field ordering, whitespace, etc). required: true schema: $ref: '#/components/schemas/AssertionRequest' requestBody: description: "The assertion created by [generateAssertion](https://developer.apple.com/documentation/devicecheck/dcappattestservice/generateassertion(_:clientdatahash:completionhandler:))" content: application/octet-stream: schema: type: string format: byte responses: "204": description: The assertion was valid and the corresponding action was executed "404": description: The provided keyId was not found "410": description: There was no challenge associated with the account. It may have expired. "401": description: The assertion could not be verified security: - authenticatedAccount: [] /v1/devicecheck/attest: get: tags: - DeviceCheck summary: Fetch an attest challenge description: | Retrieve a challenge to use in an attestation, which should be provided at `PUT /v1/devicecheck/attest`. To produce the clientDataHash for [attestKey](https://developer.apple.com/documentation/devicecheck/dcappattestservice/attestkey(_:clientdatahash:completionhandler:)) take the SHA256 of the UTF-8 bytes of the returned challenge. Repeat calls to retrieve a challenge may return the same challenge until it is used in a `PUT`. Callers should have a single outstanding challenge at any given time. operationId: attestChallenge responses: "200": description: The response body includes a challenge "429": description: Ratelimited. security: - authenticatedAccount: [] put: tags: - DeviceCheck summary: Register a keyId description: | Register a keyId with an attestation, which can be used to generate assertions from this account. The attestation should use the SHA-256 of a challenge retrieved at `GET /v1/devicecheck/attest` as the `clientDataHash` Registration is idempotent, and you should retry network errors with the same challenge as suggested by [device check](https://developer.apple.com/documentation/devicecheck/dcappattestservice/attestkey(_:clientdatahash:completionhandler:)#discussion), as long as your challenge has not expired (410). Even if your challenge is expired, you may continue to retry with your original keyId (and a fresh challenge). operationId: attest parameters: - name: keyId in: query description: "The keyId, encoded with padded url-safe base64" required: true schema: type: string requestBody: description: "The attestation data, created by [attestKey](https://developer.apple.com/documentation/devicecheck/dcappattestservice/attestkey(_:clientdatahash:completionhandler:))" content: application/octet-stream: schema: type: string format: byte responses: "204": description: The keyId was successfully added to the account "410": description: There was no challenge associated with the account. It may have expired. "401": description: The attestation could not be verified "413": description: There are too many unique keyIds associated with this account. This is an unrecoverable error. "409": description: The provided keyId has already been registered to a different account security: - authenticatedAccount: [] /v1/devices/provisioning/code: get: tags: - Devices summary: Generate a signed device-linking token description: | Generate a signed device-linking token for transmission to a pending linked device via a provisioning message. operationId: createDeviceToken responses: "200": description: Token was generated successfully content: application/json: schema: $ref: '#/components/schemas/LinkDeviceToken' "411": description: The authenticated account already has the maximum allowed number of linked devices "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] /v1/devices: get: tags: - Devices operationId: getDevices responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/DeviceInfoList' security: - authenticatedAccount: [] /v1/devices/link: put: tags: - Devices summary: Link a device to an account description: | Links a device to an account identified by a given phone number. operationId: linkDevice parameters: - name: Authorization in: header schema: $ref: '#/components/schemas/BasicAuthorizationHeader' - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/LinkDeviceRequest' required: true responses: "200": description: The new device was linked to the calling account content: application/json: schema: $ref: '#/components/schemas/LinkDeviceResponse' "403": description: The given account was not found or the given verification code was incorrect "409": description: The new device is missing a capability supported by all other devices on the account "411": description: The given account already has its maximum number of linked devices "422": description: The request did not pass validation "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple /v1/devices/restore_account/{token}: get: tags: - Devices summary: Wait for 'restore account' request operationId: waitForDeviceTransferRequest parameters: - name: token in: path required: true schema: maximum: 64 maxLength: 64 minLength: 0 type: string description: A randomly-generated token identifying the request for device-to-device transfer. - name: timeout in: query schema: maximum: 3600 minimum: 1 type: integer description: |2 The amount of time (in seconds) to wait for a response. If a transfer archive for the authenticated device is not available within the given amount of time, this endpoint will return a status of HTTP/204. format: int32 default: 30 responses: "200": description: A 'restore account' request was received for the given token content: application/json: schema: $ref: '#/components/schemas/RestoreAccountRequest' "204": description: No 'restore account' request for the given token was received before the call completed; clients may repeat the call to continue waiting "400": description: The given token or timeout was invalid "429": description: Rate-limited; try again after the prescribed delay put: tags: - Devices summary: Signals that a new device is requesting restoration of account data by some method description: | Signals that a new device is requesting restoration of account data by some method. Devices waiting via the "wait for 'restore account' request" endpoint will be notified that the request has been issued. operationId: recordRestoreAccountRequest parameters: - name: token in: path required: true schema: maximum: 64 maxLength: 64 minLength: 0 type: string description: A randomly-generated token identifying the request for device-to-device transfer. requestBody: content: application/json: schema: $ref: '#/components/schemas/RestoreAccountRequest' responses: "204": description: Success "422": description: The request object could not be parsed or was otherwise invalid "429": description: Rate-limited; try again after the prescribed delay /v1/devices/transfer_archive: get: tags: - Devices summary: Wait for a new transfer archive to be uploaded description: | Waits for a new transfer archive to be uploaded for the authenticated device and returns the location of the archive when available. operationId: waitForTransferArchive parameters: - name: timeout in: query schema: maximum: 3600 minimum: 1 type: integer description: |2 The amount of time (in seconds) to wait for a response. If a transfer archive for the authenticated device is not available within the given amount of time, this endpoint will return a status of HTTP/204. format: int32 default: 30 - name: User-Agent in: header schema: type: string responses: "200": description: "Either a new transfer archive was uploaded for the authenticated\ \ device, or the upload has failed" content: application/json: schema: description: | The location of the transfer archive if the archive was successfully uploaded, otherwise a error indicating that the upload has failed and the destination device should stop waiting oneOf: - $ref: '#/components/schemas/RemoteAttachment' - $ref: '#/components/schemas/RemoteAttachmentError' "204": description: No transfer archive was uploaded before the call completed; clients may repeat the call to continue waiting "400": description: The given timeout was invalid "429": description: Rate-limited; try again after the prescribed delay security: - authenticatedAccount: [] put: tags: - Devices summary: Signals that a transfer archive has been uploaded for a specific linked device description: | Signals that a transfer archive has been uploaded or failed for a specific linked device. Devices waiting via the "wait for transfer archive" endpoint will be notified that the new archive is available. If the uploader cannot upload the transfer archive, they must signal an error. operationId: recordTransferArchiveUploaded requestBody: content: application/json: schema: $ref: '#/components/schemas/TransferArchiveUploadedRequest' required: true responses: "204": description: Success "422": description: The request object could not be parsed or was otherwise invalid "429": description: Rate-limited; try again after the prescribed delay security: - authenticatedAccount: [] /v1/devices/{device_id}: delete: tags: - Devices operationId: removeDevice parameters: - name: device_id in: path required: true schema: type: string format: byte responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/devices/capabilities: put: tags: - Devices operationId: setCapabilities requestBody: content: '*/*': schema: type: object additionalProperties: type: boolean required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/devices/public_key: put: tags: - Devices summary: Sets a public key for authentication description: | Sets the authentication public key for the authenticated device. The public key will be used for authentication in the nascent gRPC-over-Noise API. Existing devices must upload a public key before they can use the gRPC-over-Noise API, and this endpoint exists to facilitate migration to the new API. operationId: setPublicKey_1 requestBody: content: '*/*': schema: $ref: '#/components/schemas/SetPublicKeyRequest' responses: "200": description: Public key stored successfully "401": description: Account authentication check failed "422": description: Invalid request format security: - authenticatedAccount: [] /v1/devices/wait_for_linked_device/{tokenIdentifier}: get: tags: - Devices summary: Wait for a new device to be linked to an account description: | Waits for a new device to be linked to an account and returns basic information about the new device when available. operationId: waitForLinkedDevice parameters: - name: tokenIdentifier in: path required: true schema: maxLength: 64 minLength: 32 type: string description: A 'link device' token identifier provided by the 'create link device token' endpoint - name: timeout in: query schema: maximum: 3600 minimum: 1 type: integer description: |2 The amount of time (in seconds) to wait for a response. If the expected device is not linked within the given amount of time, this endpoint will return a status of HTTP/204. format: int32 default: 30 - name: User-Agent in: header schema: type: string responses: "200": description: A device was linked to an account using the token associated with the given token identifier content: application/json: schema: $ref: '#/components/schemas/DeviceInfo' "204": description: No device was linked to the account before the call completed; clients may repeat the call to continue waiting "400": description: The given token identifier or timeout was invalid "429": description: Rate-limited; try again after the prescribed delay security: - authenticatedAccount: [] /v2/directory/auth: get: tags: - Directory summary: Generate credentials for Contact Discovery Service description: "Generate Contact Discovery Service credentials. Generated credentials\ \ have an expiration time of 24 hours \n(however, the TTL is fully controlled\ \ by the server and may change even for already generated credentials).\n" operationId: getAuthToken responses: "200": description: '`JSON` with generated credentials.' content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' security: - authenticatedAccount: [] /v1/donation/redeem-receipt: post: tags: - Donations operationId: redeemReceipt_1 requestBody: content: application/json: schema: $ref: '#/components/schemas/RedeemReceiptRequest' required: true responses: default: description: default response content: application/json: {} text/plain: {} security: - authenticatedAccount: [] /v1/keepalive: get: tags: - Keep Alive operationId: getKeepAlive requestBody: content: '*/*': schema: $ref: '#/components/schemas/WebSocketSessionContext' responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] - {} /v1/keepalive/provisioning: get: tags: - Keep Alive operationId: getProvisioningKeepAlive responses: default: description: default response content: '*/*': {} /v1/key-transparency/distinguished: get: tags: - KeyTransparency summary: Get the current value of the distinguished key description: | The response contains the distinguished tree head to prove consistency against for future calls to `/search`, `/monitor`, and `/distinguished`. Enforced unauthenticated endpoint. operationId: getDistinguishedKey parameters: - name: lastTreeHeadSize in: query description: The distinguished tree head size returned by a previously verified call schema: type: integer format: int64 responses: "200": description: The `distinguished` search key exists in the log content: application/json: schema: $ref: '#/components/schemas/KeyTransparencyDistinguishedKeyResponse' "400": description: Invalid request. See response for any available details. "422": description: Invalid request format "429": description: Rate-limited security: - authenticatedAccount: [] - {} /v1/key-transparency/monitor: post: tags: - KeyTransparency summary: Monitor the given identifiers in the key transparency log description: | Return proofs proving that the log tree has been constructed correctly in later entries for each of the given identifiers. Enforced unauthenticated endpoint. operationId: monitor requestBody: content: '*/*': schema: $ref: '#/components/schemas/KeyTransparencyMonitorRequest' required: true responses: "200": description: All identifiers exist in the log content: application/json: schema: $ref: '#/components/schemas/KeyTransparencyMonitorResponse' "400": description: Invalid request. See response for any available details. "403": description: One or more of the provided commitment indexes did not match "404": description: At least one identifier was not found "429": description: Rate-limited "422": description: Invalid request format security: - authenticatedAccount: [] - {} /v1/key-transparency/search: post: tags: - KeyTransparency summary: Search for the given identifiers in the key transparency log description: | Returns a response if the ACI exists in the transparency log and its mapped value matches the provided ACI identity key. The username hash search response field is populated if it is found in the log and its mapped value matches the provided ACI. The E164 search response is populated similarly, with some additional requirements: - The account associated with the provided ACI must be discoverable by phone number. - The provided unidentified access key must match the one on the account. Enforced unauthenticated endpoint. operationId: search requestBody: content: '*/*': schema: $ref: '#/components/schemas/KeyTransparencySearchRequest' required: true responses: "200": description: The ACI was found and its mapped value matched the provided ACI identity key content: application/json: schema: $ref: '#/components/schemas/KeyTransparencySearchResponse' "400": description: Invalid request. See response for any available details. "403": description: The ACI was found but its mapped value did not match the provided ACI identity key "404": description: The ACI was not found in the log "422": description: Invalid request format "429": description: Rate-limited security: - authenticatedAccount: [] - {} /v2/keys/check: post: tags: - Keys summary: Check keys description: | Checks that client and server have consistent views of repeated-use keys. For a given identity type, clients submit a digest of their repeated-use key material. The digest is calculated as: SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes) …where the elements of the hash are: - identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one version byte followed by 32 bytes of key material for a total of 33 bytes) - signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key - signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one version byte followed by 32 bytes of key material for a total of 33 bytes) - lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key - lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e. one version byte followed by 1568 bytes of key material for a total of 1569 bytes) operationId: checkKeys responses: "200": description: Indicates that client and server have consistent views of repeated-use keys "401": description: Account authentication check failed "409": description: |2 Indicates that client and server have inconsistent views of repeated-use keys or one or more repeated-use keys could not be found "422": description: Invalid request format security: - authenticatedAccount: [] /v2/keys/{identifier}/{device_id}: get: tags: - Keys summary: Fetch public keys for another user description: Retrieves the public identity key and available device prekeys for a specified account or phone-number identity operationId: getDeviceKeys parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: Group-Send-Token in: header schema: $ref: '#/components/schemas/GroupSendTokenHeader' - name: identifier in: path description: the account or phone-number identifier to retrieve keys for required: true schema: $ref: '#/components/schemas/ServiceIdentifier' - name: device_id in: path description: "the device id of a single device to retrieve prekeys for, or\ \ `*` for all enabled devices" required: true schema: type: string - name: User-Agent in: header schema: type: string responses: "200": description: Indicates at least one prekey was available for at least one requested device. content: application/json: schema: $ref: '#/components/schemas/PreKeyResponse' "400": description: A group send endorsement and other authorization (account authentication or unidentified-access key) were both provided. "401": description: Account authentication check failed and unidentified-access key or group send endorsement token was not supplied or invalid. "404": description: Requested identity or device does not exist or device has no available prekeys. "429": description: Rate limit exceeded. headers: Retry-After: description: "If present, a positive integer indicating the number of\ \ seconds before a subsequent attempt could succeed" style: simple security: - authenticatedAccount: [] - {} /v2/keys: get: tags: - Keys summary: Get prekey count description: Gets the number of one-time prekeys uploaded for this device and still available operationId: getStatus parameters: - name: identity in: query schema: type: string default: aci enum: - ACI - PNI responses: "200": description: Body contains the number of available one-time prekeys for the device. content: application/json: schema: $ref: '#/components/schemas/PreKeyCount' "401": description: Account authentication check failed. security: - authenticatedAccount: [] put: tags: - Keys summary: Upload new prekeys description: Upload new pre-keys for this device. operationId: setKeys parameters: - name: identity in: query allowEmptyValue: true schema: type: string description: whether this operation applies to the account (aci) or phone-number (pni) identity default: aci enum: - ACI - PNI - aci - pni - name: User-Agent in: header schema: type: string responses: "200": description: Indicates that new keys were successfully stored. "401": description: Account authentication check failed. "403": description: Attempt to change identity key from a non-primary device. "422": description: Invalid request format. security: - authenticatedAccount: [] /v1/messages: get: tags: - Messages operationId: getPendingMessages parameters: - name: X-Signal-Receive-Stories in: header schema: type: string - name: User-Agent in: header schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] /v1/messages/uuid/{uuid}: delete: tags: - Messages operationId: removePendingMessage parameters: - name: uuid in: path required: true schema: type: string format: uuid responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/messages/report/{source}/{messageGuid}: post: tags: - Messages operationId: reportSpamMessage parameters: - name: source in: path required: true schema: type: string - name: messageGuid in: path required: true schema: type: string format: uuid - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SpamReport' responses: default: description: default response content: '*/*': {} security: - authenticatedAccount: [] /v1/messages/{destination}: put: tags: - Messages summary: Send a message description: | Deliver a message to a single recipient. May be authenticated or unauthenticated; if unauthenticated, an unidentifed-access key or group-send endorsement token must be provided, unless the message is a story. operationId: sendMessage parameters: - name: Unidentified-Access-Key in: header description: The recipient's unidentified access key schema: $ref: '#/components/schemas/Anonymous' - name: Group-Send-Token in: header description: A group send endorsement token covering the recipient. Must not be combined with `Unidentified-Access-Key` or set on a story message. schema: $ref: '#/components/schemas/GroupSendTokenHeader' - name: User-Agent in: header schema: type: string - name: destination in: path description: "If true, deliver the message only to recipients that are online\ \ when it is sent" required: true schema: $ref: '#/components/schemas/ServiceIdentifier' - name: story in: query description: "If true, the message is a story; access tokens are not checked\ \ and sending to nonexistent recipients is permitted" schema: type: boolean requestBody: description: The encrypted message payloads for each recipient device content: application/json: schema: $ref: '#/components/schemas/IncomingMessageList' required: true responses: "200": description: Message was successfully sent "401": description: "The message is not a story and the authorization, unauthorized\ \ access key, or group send endorsement token is missing or incorrect" "404": description: The message is not a story and some the recipient service ID does not correspond to a registered Signal user "409": description: Incorrect set of devices supplied for recipient content: application/json: schema: $ref: '#/components/schemas/MismatchedDevicesResponse' "410": description: Mismatched registration ids supplied for some recipient devices content: application/json: schema: $ref: '#/components/schemas/StaleDevicesResponse' "428": description: The sender should complete a challenge before proceeding security: - authenticatedAccount: [] - {} /v1/messages/multi_recipient: put: tags: - Messages summary: Send multi-recipient sealed-sender message description: | Deliver a common-payload message to multiple recipients. An unidentifed-access key for all recipients must be provided, unless the message is a story. operationId: sendMultiRecipientMessage parameters: - name: Unidentified-Access-Key in: header description: The bitwise xor of the unidentified access keys for every recipient of the message. Will be replaced with group send endorsements schema: $ref: '#/components/schemas/CombinedUnidentifiedSenderAccessKeys' - name: Group-Send-Token in: header description: A group send endorsement token covering recipients of this message. Must not be combined with `Unidentified-Access-Key` or set on a story message. schema: $ref: '#/components/schemas/GroupSendTokenHeader' - name: online in: query description: "If true, deliver the message only to recipients that are online\ \ when it is sent" schema: type: boolean - name: ts in: query description: The sender's timestamp for the envelope schema: type: integer format: int64 - name: urgent in: query description: "If true, this message should cause push notifications to be\ \ sent to recipients" schema: type: boolean default: true - name: story in: query description: "If true, the message is a story; access tokens are not checked\ \ and sending to nonexistent recipients is permitted" schema: type: boolean requestBody: description: The sealed-sender multi-recipient message payload as serialized by libsignal content: application/vnd.signal-messenger.mrm: schema: $ref: '#/components/schemas/SealedSenderMultiRecipientMessage' required: true responses: "200": description: Message was successfully sent content: application/json: schema: $ref: '#/components/schemas/SendMultiRecipientMessageResponse' "400": description: The envelope specified delivery to the same recipient device multiple times "401": description: The message is not a story and the unauthorized access key or group send endorsement token is missing or incorrect "404": description: The message is not a story and some of the recipient service IDs do not correspond to registered Signal users "409": description: Incorrect set of devices supplied for some recipients content: application/json: schema: type: array items: $ref: '#/components/schemas/AccountMismatchedDevices' "410": description: Mismatched registration ids supplied for some recipient devices content: application/json: schema: type: array items: $ref: '#/components/schemas/AccountStaleDevices' /v1/subscription/boost/paypal/confirm: post: tags: - OneTimeDonations operationId: confirmPayPalBoost parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/ConfirmPayPalBoostRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/boost/create: post: tags: - OneTimeDonations summary: Create a Stripe payment intent description: | Create a Stripe PaymentIntent and return a client secret that can be used to complete the payment. Once the payment is complete, the paymentIntentId can be used at /v1/subscriptions/receipt_credentials operationId: createBoostPaymentIntent parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateBoostRequest' required: true responses: "200": description: Payment Intent created content: application/json: schema: $ref: '#/components/schemas/CreateBoostResponse' "403": description: The request was made on an authenticated channel "400": description: | Invalid argument. The response body may include an error code with more specific information. If the error code is `amount_below_currency_minimum` the body will also include the `minimum` field indicating the minimum amount for the currency. If the error code is `amount_above_sepa_limit` the body will also include the `maximum` field indicating the maximum amount for a SEPA transaction. content: application/json: schema: type: object properties: error: type: string "409": description: Provided level does not match the currency/amount combination content: application/json: schema: type: object properties: error: type: string security: - authenticatedAccount: [] - {} /v1/subscription/boost/receipt_credentials: post: tags: - OneTimeDonations operationId: createBoostReceiptCredentials parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateBoostReceiptCredentialsRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/boost/paypal/create: post: tags: - OneTimeDonations operationId: createPayPalBoost parameters: - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreatePayPalBoostRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/payments/auth: get: tags: - Payments operationId: getAuth responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' security: - authenticatedAccount: [] /v1/payments/conversions: get: tags: - Payments operationId: getConversions responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/CurrencyConversionEntityList' security: - authenticatedAccount: [] /v1/profile/{identifier}/{version}: get: tags: - Profile operationId: getProfile parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: identifier in: path required: true schema: $ref: '#/components/schemas/AciServiceIdentifier' - name: version in: path required: true schema: type: string - name: User-Agent in: header schema: type: string responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/VersionedProfileResponse' security: - authenticatedAccount: [] - {} /v1/profile/{identifier}/{version}/{credentialRequest}: get: tags: - Profile operationId: getProfile_1 parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: identifier in: path required: true schema: $ref: '#/components/schemas/AciServiceIdentifier' - name: version in: path required: true schema: type: string - name: credentialRequest in: path required: true schema: type: string - name: credentialType in: query schema: type: string - name: User-Agent in: header schema: type: string responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/CredentialProfileResponse' security: - authenticatedAccount: [] - {} /v1/profile/{identifier}: get: tags: - Profile operationId: getUnversionedProfile parameters: - name: Unidentified-Access-Key in: header schema: $ref: '#/components/schemas/Anonymous' - name: Group-Send-Token in: header schema: $ref: '#/components/schemas/GroupSendTokenHeader' - name: User-Agent in: header schema: type: string - name: identifier in: path required: true schema: $ref: '#/components/schemas/ServiceIdentifier' responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/BaseProfileResponse' security: - authenticatedAccount: [] - {} /v1/profile/identity_check/batch: post: tags: - Profile operationId: runBatchIdentityCheck requestBody: content: application/json: schema: $ref: '#/components/schemas/BatchIdentityCheckRequest' required: true responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/BatchIdentityCheckResponse' /v1/profile: put: tags: - Profile operationId: setProfile requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateProfileRequest' required: true responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] /v1/provisioning/{destination}: put: tags: - Provisioning summary: Send a provisioning message to a new device description: | Send a provisioning message from an authenticated device to a device that (presumably) is not yet associated with a Signal account. operationId: sendProvisioningMessage parameters: - name: destination in: path description: The temporary provisioning address to which to send a provisioning message required: true schema: type: string - name: User-Agent in: header schema: type: string requestBody: description: The provisioning message to send to the given provisioning address content: application/json: schema: $ref: '#/components/schemas/ProvisioningMessage' required: true responses: "204": description: The provisioning message was delivered to the given provisioning address "400": description: The provisioning message was too large "404": description: No device with the given provisioning address was connected at the time of the request security: - authenticatedAccount: [] /v1/registration: post: tags: - Registration summary: Registers an account description: "Registers a new account or attempts to “re-register” an existing\ \ account. It is expected that a well-behaved client\ncould make up to three\ \ consecutive calls to this API:\n1. gets 423 from existing registration lock\ \ \n\n2. gets 409 from device available for transfer \n\n3. success \n\n" operationId: register parameters: - name: Authorization in: header required: true schema: $ref: '#/components/schemas/BasicAuthorizationHeader' - name: X-Signal-Agent in: header schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/RegistrationRequest' required: true responses: "200": description: The phone number associated with the authenticated account was changed successfully content: application/json: schema: $ref: '#/components/schemas/AccountCreationResponse' "403": description: Verification failed for the provided Registration Recovery Password "409": description: "The caller has not explicitly elected to skip transferring\ \ data from another device, but a device transfer is technically possible" "422": description: The request did not pass validation "423": content: application/json: schema: $ref: '#/components/schemas/RegistrationLockFailure' "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple /v1/config: get: tags: - Remote Config summary: Fetch remote configuration description: | Remote configuration is a list of namespaced keys that clients may use for consistent configuration or behavior. Configuration values change over time, and the list should be refreshed periodically, typically at client launch and every few hours thereafter. operationId: getAll responses: "200": description: Remote configuration values for the authenticated user content: application/json: schema: $ref: '#/components/schemas/UserRemoteConfigList' security: - authenticatedAccount: [] /v1/storage/auth: get: tags: - Secure Storage summary: Generate credentials for Storage Service description: "Generate Storage Service credentials. Generated credentials have\ \ an expiration time of 24 hours \n(however, the TTL is fully controlled by\ \ the server and may change even for already generated credentials).\n" operationId: getAuth_1 responses: "200": description: '`JSON` with generated credentials.' content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' security: - authenticatedAccount: [] /v2/backup/auth/check: post: tags: - Secure Value Recovery summary: Check SVR2 credentials description: | Over time, clients may wind up with multiple sets of SVR2 authentication credentials in cloud storage. To determine which set is most current and should be used to communicate with SVR2 to retrieve a master key (from which a registration recovery password can be derived), clients should call this endpoint with a list of stored credentials. The response will identify which (if any) set of credentials are appropriate for communicating with SVR2. operationId: authCheck requestBody: content: application/json: schema: $ref: '#/components/schemas/AuthCheckRequest' required: true responses: "200": description: '`JSON` with the check results.' content: application/json: schema: $ref: '#/components/schemas/AuthCheckResponseV2' "422": description: Provided list of SVR2 credentials could not be parsed "400": description: '`POST` request body is not a valid `JSON`' /v2/backup/auth: get: tags: - Secure Value Recovery summary: Generate credentials for SVR2 description: | Generate SVR2 service credentials. Generated credentials have an expiration time of 30 days (however, the TTL is fully controlled by the server side and may change even for already generated credentials). operationId: getAuth_2 responses: "200": description: '`JSON` with generated credentials.' content: application/json: schema: $ref: '#/components/schemas/ExternalServiceCredentials' "401": description: Account authentication check failed. security: - authenticatedAccount: [] /v1/sticker/pack/form/{count}: get: tags: - Stickers operationId: getStickersForm parameters: - name: count in: path required: true schema: maximum: 201 minimum: 1 type: integer format: int32 responses: default: description: default response content: application/json: schema: $ref: '#/components/schemas/StickerPackFormUploadAttributes' security: - authenticatedAccount: [] /v1/subscription/{subscriberId}/create_payment_method/paypal: post: tags: - Subscriptions operationId: createPayPalPaymentMethod parameters: - name: subscriberId in: path required: true schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/CreatePayPalBillingAgreementRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/create_payment_method: post: tags: - Subscriptions operationId: createPaymentMethod parameters: - name: subscriberId in: path required: true schema: type: string - name: type in: query schema: type: string default: CARD enum: - UNKNOWN - CARD - PAYPAL - SEPA_DEBIT - IDEAL - GOOGLE_PLAY_BILLING - APPLE_APP_STORE - name: User-Agent in: header schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/receipt_credentials: post: tags: - Subscriptions operationId: createSubscriptionReceiptCredentials parameters: - name: User-Agent in: header schema: type: string - name: subscriberId in: path required: true schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/GetReceiptCredentialsRequest' required: true responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}: get: tags: - Subscriptions summary: Subscription information description: | Returns information about the current subscription associated with the provided subscriberId if one exists. Although it uses [Stripe’s values](https://stripe.com/docs/billing/subscriptions/overview#subscription-statuses), the status field in the response is generic, with [Braintree-specific values](https://developer.paypal.com/braintree/docs/guides/recurring-billing/overview#subscription-statuses) mapped to Stripe's. Since we don’t support trials or unpaid subscriptions, the associated statuses will never be returned by the API. operationId: getSubscriptionInformation parameters: - name: subscriberId in: path required: true schema: type: string responses: "200": description: The subscriberId exists content: application/json: schema: $ref: '#/components/schemas/GetSubscriptionInformationResponse' "403": description: subscriberId authentication failure OR account authentication is present "404": description: No such subscriberId exists or subscriberId is malformed security: - authenticatedAccount: [] - {} put: tags: - Subscriptions operationId: updateSubscriber parameters: - name: subscriberId in: path required: true schema: type: string responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] - {} delete: tags: - Subscriptions operationId: deleteSubscriber parameters: - name: subscriberId in: path required: true schema: type: string responses: default: description: default response content: application/json: {} security: - authenticatedAccount: [] - {} /v1/subscription/bank_mandate/{bankTransferType}: get: tags: - Subscriptions operationId: getBankMandate parameters: - name: bankTransferType in: path required: true schema: type: string enum: - SEPA_DEBIT responses: default: description: default response content: application/json: {} /v1/subscription/configuration: get: tags: - Subscriptions summary: 'Subscription configuration ' description: |- Returns all configuration for badges, donation subscriptions, backup subscriptions, and one-time donation ( "boost" and "gift") minimum and suggested amounts. operationId: getConfiguration responses: "200": content: application/json: schema: $ref: '#/components/schemas/GetSubscriptionConfigurationResponse' /v1/subscription/{subscriberId}/appstore/{originalTransactionId}: post: tags: - Subscriptions summary: Set app store subscription description: | Set an originalTransactionId that represents an IAP subscription made with the app store. To set up an app store subscription: 1. Create a subscriber with `PUT subscriptions/{subscriberId}` (you must regularly refresh this subscriber) 2. [Create a subscription](https://developer.apple.com/documentation/storekit/in-app_purchase/) with the App Store directly via StoreKit and obtain a originalTransactionId. 3. `POST` the purchaseToken here 4. Obtain a receipt at `POST /v1/subscription/{subscriberId}/receipt_credentials` which can then be used to obtain the entitlement operationId: setAppStoreSubscription parameters: - name: subscriberId in: path required: true schema: type: string - name: originalTransactionId in: path required: true schema: type: string responses: "200": description: The originalTransactionId was successfully validated "402": description: The subscription transaction is incomplete or invalid "403": description: subscriberId authentication failure OR account authentication is present "404": description: No such subscriberId exists or subscriberId is malformed or the specified transaction does not exist "409": description: subscriberId is already linked to a processor that does not support appstore payments. Delete this subscriberId and use a new one. "429": description: Rate limit exceeded. security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/default_payment_method_for_ideal/{setupIntentId}: post: tags: - Subscriptions operationId: setDefaultPaymentMethodForIdeal parameters: - name: subscriberId in: path required: true schema: type: string - name: setupIntentId in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/default_payment_method/{processor}/{paymentMethodToken}: post: tags: - Subscriptions operationId: setDefaultPaymentMethodWithProcessor parameters: - name: subscriberId in: path required: true schema: type: string - name: processor in: path required: true schema: type: string enum: - STRIPE - BRAINTREE - GOOGLE_PLAY_BILLING - APPLE_APP_STORE - name: paymentMethodToken in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/playbilling/{purchaseToken}: post: tags: - Subscriptions summary: Set a google play billing purchase token description: | Set a purchaseToken that represents an IAP subscription made with Google Play Billing. To set up a subscription with Google Play Billing: 1. Create a subscriber with `PUT subscriptions/{subscriberId}` (you must regularly refresh this subscriber) 2. [Create a subscription](https://developer.android.com/google/play/billing/integrate) with Google Play Billing directly and obtain a purchaseToken. Do not [acknowledge](https://developer.android.com/google/play/billing/integrate#subscriptions) the purchaseToken. 3. `POST` the purchaseToken here 4. Obtain a receipt at `POST /v1/subscription/{subscriberId}/receipt_credentials` which can then be used to obtain the entitlement After calling this method, the payment is confirmed. Callers must durably store their subscriberId before calling this method to ensure their payment is tracked. Once a purchaseToken to is posted to a subscriberId, the same subscriberId must not be used with another payment method. A different playbilling purchaseToken can be posted to the same subscriberId, in this case the subscription associated with the old purchaseToken will be cancelled. operationId: setPlayStoreSubscription parameters: - name: subscriberId in: path required: true schema: type: string - name: purchaseToken in: path required: true schema: type: string responses: "200": description: The purchaseToken was validated and acknowledged "402": description: The purchaseToken payment is incomplete or invalid "403": description: subscriberId authentication failure OR account authentication is present "404": description: No such subscriberId exists or subscriberId is malformed or the purchaseToken does not exist "409": description: subscriberId is already linked to a processor that does not support Play Billing. Delete this subscriberId and use a new one. security: - authenticatedAccount: [] - {} /v1/subscription/{subscriberId}/level/{level}/{currency}/{idempotencyKey}: put: tags: - Subscriptions operationId: setSubscriptionLevel parameters: - name: subscriberId in: path required: true schema: type: string - name: level in: path required: true schema: type: integer format: int64 - name: currency in: path required: true schema: type: string - name: idempotencyKey in: path required: true schema: type: string responses: default: description: default response content: application/json: schema: type: object properties: completedExceptionally: type: boolean numberOfDependents: type: integer format: int32 done: type: boolean cancelled: type: boolean security: - authenticatedAccount: [] - {} /v1/verification/session: post: tags: - Verification summary: Creates a new verification session for a specific phone number description: | Initiates a session to be able to verify the phone number for account registration. Check the response and submit requested information at PATCH /session/{sessionId} operationId: createSession requestBody: content: application/json: schema: $ref: '#/components/schemas/CreateVerificationSessionRequest' required: true responses: "200": description: The verification session was created successfully content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' "422": description: The request did not pass validation "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple schema: type: integer format: int32 /v1/verification/session/{sessionId}: get: tags: - Verification summary: Get a registration verification session description: | Retrieve metadata of the registration verification session with the specified ID operationId: getSession parameters: - name: sessionId in: path required: true schema: type: string responses: "200": description: Session was retrieved successfully content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' "400": description: Invalid session ID "404": description: Session with the specified ID could not be found "422": description: Malformed session ID encoding patch: tags: - Verification summary: Update a registration verification session description: | Updates the session with requested information like an answer to a push challenge or captcha. If `requestedInformation` in the response is empty, and `allowedToRequestCode` is `true`, proceed to call `POST /session/{sessionId}/code`. If `requestedInformation` is empty and `allowedToRequestCode` is `false`, then the caller must create a new verification session. operationId: updateSession parameters: - name: sessionId in: path required: true schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/UpdateVerificationSessionRequest' required: true responses: "200": description: Session was updated successfully with the information provided content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' "403": description: The information provided was not accepted (e.g push challenge or captcha verification failed) "422": description: The request did not pass validation "429": description: Too many attempts headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple schema: type: integer format: int32 content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' /v1/verification/session/{sessionId}/code: put: tags: - Verification summary: Submit a verification code description: | Submits a verification code received via SMS or voice for verification operationId: verifyCode parameters: - name: sessionId in: path required: true schema: type: string - name: User-Agent in: header schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/SubmitVerificationCodeRequest' required: true responses: "200": description: | The request to check a verification code was processed (though the submitted code may not be the correct code); the session metadata will indicate whether the submitted code was correct content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' "400": description: Invalid session ID or verification code "404": description: Session with the specified ID could not be found "409": description: The session is already verified or no code has been requested yet for this session content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' "429": description: | Too many attempts; the caller is not permitted to submit a verification code at this time and may need to wait before trying again; if the session metadata does not specify a time at which the caller may try again, then the caller has exhausted their permitted attempts and must create a new verification session. headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple schema: type: integer format: int32 content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' post: tags: - Verification summary: Request a verification code description: | Sends a verification code to the phone number associated with the specified session via SMS or phone call. This endpoint can only be called when the session metadata includes "allowedToRequestCode = true" operationId: requestVerificationCode parameters: - name: sessionId in: path required: true schema: type: string - name: User-Agent in: header schema: type: string - name: Accept-Language in: header description: Ordered list of languages in which the client prefers to receive SMS or voice verification messages schema: type: string requestBody: content: application/json: schema: $ref: '#/components/schemas/VerificationCodeRequest' required: true responses: "200": description: Verification code was successfully sent content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' "400": description: Invalid session ID "404": description: Session with the specified ID could not be found "409": description: The session is already verified or not in a state to request a code because requested information hasn't been provided yet content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' "418": description: "The request to send a verification code with the given transport\ \ could not be fulfilled, but may succeed with a different transport" content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' "422": description: Request did not pass validation "429": description: | Too may attempts; the caller is not permitted to send a verification code via the requested channel at this time and may need to wait before trying again; if the session metadata does not specify a time at which the caller may try again, then the caller has exhausted their permitted attempts and must either try a different transport or create a new verification session. headers: Retry-After: description: "If present, an positive integer indicating the number\ \ of seconds before a subsequent attempt could succeed" style: simple schema: type: integer format: int32 content: application/json: schema: $ref: '#/components/schemas/VerificationSessionResponse' "440": description: | The attempt to send a verification code failed because an external service (e.g. the SMS provider) refused to deliver the code. This may be a temporary or permanent failure, as indicated in the response body. If temporary, clients may try again after a reasonable delay. If permanent, clients should not retry the request and should communicate the permanent failure to the end user. Permanent failures may result in the server disallowing all future attempts to request or submit verification codes (since those attempts would be all but guaranteed to fail). content: application/json: schema: $ref: '#/components/schemas/SendVerificationCodeFailureResponse' components: schemas: AciServiceIdentifier: type: string description: An identifier for an account based on the account's ACI allOf: - $ref: '#/components/schemas/ServiceIdentifier' PniServiceIdentifier: type: string description: An identifier for an account based on the account's phone number identifier (PNI) allOf: - $ref: '#/components/schemas/ServiceIdentifier' ServiceIdentifier: type: object description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. UsernameHashResponse: type: object properties: usernameHash: type: string description: "The hash of the confirmed username, as supplied in the request" usernameLinkHandle: type: string description: A handle that can be included in username links to retrieve the stored encrypted username ConfirmUsernameHashRequest: required: - zkProof type: object properties: usernameHash: type: string format: byte zkProof: type: string format: byte encryptedUsername: maxLength: 128 minLength: 1 type: string description: The url-safe base64-encoded encrypted username to be stored for username links AccountIdentifierResponse: required: - uuid type: object properties: uuid: type: string description: An identifier for an account based on the account's ACI EncryptedUsername: required: - usernameLinkEncryptedValue type: object properties: usernameLinkEncryptedValue: maxLength: 128 minLength: 1 type: string description: the URL-safe base64 encoding of the encrypted username keepLinkHandle: type: boolean description: "if set and the account already has an encrypted-username link\ \ handle, reuse the same link handle rather than generating a new one.\ \ The response will still have the link handle." ReserveUsernameHashResponse: type: object properties: usernameHash: type: string format: byte ReserveUsernameHashRequest: required: - usernameHashes type: object properties: usernameHashes: maxItems: 20 minItems: 1 type: array items: type: string format: byte AccountAttributes: type: object properties: fetchesMessages: type: boolean registrationId: type: integer format: int32 name: maxLength: 225 minLength: 0 type: string format: byte registrationLock: type: string unidentifiedAccessKey: type: string format: byte unrestrictedUnidentifiedAccess: type: boolean capabilities: uniqueItems: true type: array items: type: string enum: - STORAGE - TRANSFER - DELETE_SYNC - STORAGE_SERVICE_RECORD_KEY_ROTATION - ATTACHMENT_BACKFILL discoverableByPhoneNumber: type: boolean recoveryPassword: type: string format: byte eachRegistrationIdValid: type: boolean pniRegistrationId: type: integer format: int32 ApnRegistrationId: required: - apnRegistrationId type: object properties: apnRegistrationId: type: string description: | An APNs token set for the account's primary device. If provided, the account's primary device will be notified of new messages via push notifications to the given token. Callers must provide exactly one of an APNs token set, an FCM token, or an `AccountAttributes` entity with `fetchesMessages` set to `true`. GcmRegistrationId: required: - gcmRegistrationId type: object properties: gcmRegistrationId: type: string description: | An FCM/GCM token for the account's primary device. If provided, the account's primary device will be notified of new messages via push notifications to the given token. Callers must provide exactly one of an APNs token set, an FCM token, or an `AccountAttributes` entity with `fetchesMessages` set to `true`. DeviceName: required: - deviceName type: object properties: deviceName: maxLength: 225 minLength: 0 type: string format: byte RegistrationLock: required: - registrationLock type: object properties: registrationLock: maxLength: 64 minLength: 64 type: string UsernameLinkHandle: required: - usernameLinkHandle type: object properties: usernameLinkHandle: type: string description: A handle that can be included in username links to retrieve the stored encrypted username format: uuid AccountIdentityResponse: type: object properties: uuid: type: string description: the account identifier for this account format: uuid number: type: string description: the phone number associated with this account pni: type: string description: the account identifier for this account's phone-number identity format: uuid usernameHash: type: string description: "a hash of this account's username, if set" format: byte usernameLinkHandle: type: string description: "this account's username link handle, if set" format: uuid storageCapable: type: boolean description: whether any of this account's devices support storage entitlements: $ref: '#/components/schemas/Entitlements' BackupEntitlement: type: object properties: backupLevel: type: integer description: The backup level of the account format: int64 expirationSeconds: type: integer description: "When the backup entitlement expires, in number of seconds\ \ since epoch" format: int64 description: "If present, the backup level set via /v1/archives/redeem-receipt" BadgeEntitlement: type: object properties: id: type: string description: The badge id visible: type: boolean description: Whether the badge is currently configured to be visible expirationSeconds: type: integer description: "When the badge expires, in number of seconds since epoch" format: int64 description: Active badges added via /v1/donation/redeem-receipt Entitlements: type: object properties: badges: type: array description: Active badges added via /v1/donation/redeem-receipt items: $ref: '#/components/schemas/BadgeEntitlement' backup: $ref: '#/components/schemas/BackupEntitlement' description: entitlements for this account and their current expirations MismatchedDevicesResponse: type: object properties: missingDevices: uniqueItems: true type: array description: Devices present on the account but absent in the request items: type: string description: Devices present on the account but absent in the request format: byte extraDevices: uniqueItems: true type: array description: Devices absent on the request but present in the account items: type: string description: Devices absent on the request but present in the account format: byte StaleDevicesResponse: type: object properties: staleDevices: uniqueItems: true type: array description: Devices that are no longer active items: type: string description: Devices that are no longer active format: byte ExternalServiceCredentials: type: object properties: username: type: string password: type: string RegistrationLockFailure: type: object properties: timeRemaining: type: integer description: Time remaining in milliseconds before the existing registration lock expires format: int64 svr2Credentials: $ref: '#/components/schemas/ExternalServiceCredentials' description: | Information about the current Registration lock and SVR credentials. With a correct PIN, the credentials can be used to recover the secret used to derive the registration lock password. ChangeNumberRequest: required: - deviceMessages - devicePniPqLastResortPrekeys - devicePniSignedPrekeys - number - pniIdentityKey - pniRegistrationIds type: object properties: sessionId: type: string description: |- A session ID from registration service, if using session id to authenticate this request. Must not be combined with `recoveryPassword`. recoveryPassword: type: string description: |- The base64-encoded recovery password for the new phone number, if using a recovery password to authenticate this request. Must not be combined with `sessionId`. number: type: string description: the new phone number for this account pniIdentityKey: $ref: '#/components/schemas/IdentityKey' deviceMessages: type: array description: |- A list of synchronization messages to send to companion devices to supply the private keysManager associated with the new identity key and their new prekeys. Exactly one message must be supplied for each device other than the sending (primary) device. items: $ref: '#/components/schemas/IncomingMessage' devicePniSignedPrekeys: type: object additionalProperties: $ref: '#/components/schemas/ECSignedPreKey' description: |- A new signed elliptic-curve prekey for each device on the account, including this one. Each must be accompanied by a valid signature from the new identity key in this request. devicePniPqLastResortPrekeys: type: object additionalProperties: $ref: '#/components/schemas/KEMSignedPreKey' description: |- A new signed post-quantum last-resort prekey for each device on the account, including this one. Each must be accompanied by a valid signature from the new identity key in this request. pniRegistrationIds: type: object additionalProperties: type: integer description: "the new phone-number-identity registration ID for each device\ \ on the account, including this one" format: int32 description: "the new phone-number-identity registration ID for each device\ \ on the account, including this one" eachPniRegistrationIdValid: type: boolean valid: type: boolean reglock: type: string description: "the registration lock password for the new phone number, if\ \ necessary" ECPublicKey: type: object properties: type: type: integer format: int32 publicKeyBytes: type: string format: byte ECSignedPreKey: type: object properties: keyId: type: integer description: | An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up. Should not be zero. Should be less than 2^24. format: int64 publicKey: type: string description: | The public key, serialized in libsignal's elliptic-curve public key format and then base64-encoded. signature: type: string description: | The signature of the serialized `publicKey` with the account (or phone-number identity)'s identity key, base64-encoded. description: | A signed EC pre-key to be associated with this account's PNI. IdentityKey: type: object properties: publicKey: $ref: '#/components/schemas/ECPublicKey' fingerprint: type: string description: | The PNI-associated identity key for the account, encoded as a base64 string. IncomingMessage: required: - content type: object properties: type: type: integer format: int32 destinationDeviceId: type: string format: byte destinationRegistrationId: type: integer format: int32 content: maxLength: 2147483647 minLength: 1 type: string format: byte validEnvelopeType: type: boolean KEMSignedPreKey: type: object properties: keyId: type: integer description: | An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up. Should not be zero. Should be less than 2^24. The owner of this key must be able to determine from the key ID whether this represents a single-use or last-resort key, but another party should *not* be able to tell. format: int64 publicKey: type: string description: | The public key, serialized in libsignal's Kyber1024 public key format and then base64-encoded. signature: type: string description: | The signature of the serialized `publicKey` with the account (or phone-number identity)'s identity key, base64-encoded. description: | A signed Kyber-1024 "last resort" pre-key to be associated with this account's PNI. PhoneNumberIdentityKeyDistributionRequest: required: - deviceMessages - devicePniPqLastResortPrekeys - devicePniSignedPrekeys - pniIdentityKey - pniRegistrationIds type: object properties: pniIdentityKey: $ref: '#/components/schemas/IdentityKey' deviceMessages: type: array description: | A list of synchronization messages to send to companion devices to supply the private keys associated with the new identity key and their new prekeys. Exactly one message must be supplied for each device other than the sending (primary) device. items: $ref: '#/components/schemas/IncomingMessage' devicePniSignedPrekeys: type: object additionalProperties: $ref: '#/components/schemas/ECSignedPreKey' description: |- A new signed elliptic-curve prekey for each device on the account, including this one. Each must be accompanied by a valid signature from the new identity key in this request. devicePniPqLastResortPrekeys: type: object additionalProperties: $ref: '#/components/schemas/KEMSignedPreKey' description: |- A new signed post-quantum last-resort prekey for each device on the account, including this one. Each must be accompanied by a valid signature from the new identity key in this request. pniRegistrationIds: type: object additionalProperties: type: integer description: "The new registration ID to use for the phone-number identity\ \ of each device, including this one." format: int32 description: "The new registration ID to use for the phone-number identity\ \ of each device, including this one." AccountAndDevicesDataReport: type: object properties: account: $ref: '#/components/schemas/AccountDataReport' devices: type: array items: $ref: '#/components/schemas/DeviceDataReport' AccountDataReport: type: object properties: phoneNumber: type: string badges: type: array items: $ref: '#/components/schemas/BadgeDataReport' allowSealedSenderFromAnyone: type: boolean findAccountByPhoneNumber: type: boolean AccountDataReportResponse: type: object properties: reportId: type: string format: uuid reportTimestamp: type: string format: date-time data: $ref: '#/components/schemas/AccountAndDevicesDataReport' text: type: string description: A plaintext representation of the data report BadgeDataReport: type: object properties: id: type: string expiration: type: string format: date-time visible: type: boolean DeviceDataReport: type: object properties: id: type: string format: byte lastSeen: type: string format: date-time created: type: string format: date-time userAgent: type: string PhoneNumberDiscoverabilityRequest: required: - discoverableByPhoneNumber type: object properties: discoverableByPhoneNumber: type: boolean UploadDescriptorResponse: type: object properties: cdn: type: integer description: Indicates the CDN type. 3 indicates resumable uploads using TUS format: int32 key: type: string description: The location within the specified cdn where the finished upload can be found. headers: type: object additionalProperties: type: string description: A map of headers to include with all upload requests. Potentially contains time-limited upload credentials description: A map of headers to include with all upload requests. Potentially contains time-limited upload credentials signedUploadLocation: type: string description: The URL to upload to with the appropriate protocol BackupInfoResponse: type: object properties: cdn: type: integer description: The CDN type where the message backup is stored. Media may be stored elsewhere. format: int32 backupDir: type: string description: | The base directory of your backup data on the cdn. The message backup can be found in the returned cdn at /backupDir/backupName and stored media can be found at /backupDir/mediaDir/mediaId mediaDir: type: string description: | The prefix path component for media objects on a cdn. Stored media for mediaId can be found at /backupDir/mediaDir/mediaId. backupName: type: string description: The name of the most recent message backup on the cdn. The backup is at /backupDir/backupName usedSpace: type: integer description: The amount of space used to store media format: int64 CopyMediaBatchResponse: type: object properties: responses: type: array description: Detailed outcome information for each copy request in the batch items: $ref: '#/components/schemas/Entry' Entry: required: - mediaId type: object properties: status: type: integer description: | The outcome of the copy attempt. A 200 indicates the object was successfully copied. A 400 indicates an invalid argument in the request A 410 indicates that the source object was not found A 413 indicates that the media quota was exhausted format: int32 failureReason: type: string description: "On a copy failure, a detailed failure reason" cdn: type: integer description: The backup cdn where this media object is stored format: int32 mediaId: type: string description: "The mediaId of the object, encoded in URL-safe padded base64" description: Detailed outcome information for each copy request in the batch CopyMediaBatchRequest: required: - items type: object properties: items: maxItems: 1000 minItems: 1 type: array description: A list of media objects to copy from the attachments CDN to the backup CDN items: $ref: '#/components/schemas/CopyMediaRequest' CopyMediaRequest: required: - encryptionKey - hmacKey - mediaId - objectLength - sourceAttachment type: object properties: sourceAttachment: $ref: '#/components/schemas/RemoteAttachment' objectLength: type: integer description: The length of the source attachment before the encryption applied by the copy operation format: int32 mediaId: type: string description: "mediaId to copy on to the backup CDN, encoded in URL-safe\ \ padded base64" hmacKey: type: string description: "A 32-byte key for the MAC, encoded in standard padded base64" encryptionKey: type: string description: "A 32-byte encryption key for AES, encoded in standard padded\ \ base64" RemoteAttachment: required: - cdn - key type: object properties: cdn: type: integer description: The attachment cdn format: int32 key: maxLength: 64 minLength: 0 type: string description: The attachment key CopyMediaResponse: required: - cdn type: object properties: cdn: type: integer description: The backup cdn where this media object is stored format: int32 DeleteMedia: type: object properties: mediaToDelete: maxItems: 1000 minItems: 1 type: array items: $ref: '#/components/schemas/MediaToDelete' MediaToDelete: required: - cdn - mediaId type: object properties: cdn: type: integer description: The backup cdn where this media object is stored format: int32 mediaId: type: string description: The mediaId of the object in URL-safe base64 BackupAuthCredential: type: object properties: credential: type: string description: "A BackupAuthCredential, encoded in standard padded base64" format: byte redemptionTime: type: integer description: The day on which this credential is valid. Seconds since epoch truncated to day boundary format: int64 description: A map of credential types to lists of BackupAuthCredentials and their validity periods BackupAuthCredentialsResponse: type: object properties: credentials: type: object additionalProperties: type: array description: A map of credential types to lists of BackupAuthCredentials and their validity periods items: $ref: '#/components/schemas/BackupAuthCredential' description: A map of credential types to lists of BackupAuthCredentials and their validity periods ListResponse: type: object properties: storedMediaObjects: type: array description: A page of media objects stored for this backup ID items: $ref: '#/components/schemas/StoredMediaObject' backupDir: type: string description: | The base directory of your backup data on the cdn. The stored media can be found at /backupDir/mediaDir/mediaId mediaDir: type: string description: | The prefix path component for the media objects. The stored media for mediaId can be found at /backupDir/mediaDir/mediaId. cursor: type: string description: "If set, the cursor value to pass to the next list request\ \ to continue listing. If absent, all objects have been listed" StoredMediaObject: required: - cdn - mediaId - objectLength type: object properties: cdn: type: integer description: The backup cdn where this media object is stored format: int32 mediaId: type: string description: The mediaId of the object in URL-safe base64 objectLength: type: integer description: The length of the object in bytes format: int64 description: A page of media objects stored for this backup ID ReadAuthResponse: type: object properties: headers: type: object additionalProperties: type: string description: Auth headers to include with cdn read requests description: Auth headers to include with cdn read requests RedeemBackupReceiptRequest: required: - receiptCredentialPresentation type: object properties: receiptCredentialPresentation: type: string description: Presentation of a ZK receipt encoded in standard padded base64 SetBackupIdRequest: required: - mediaBackupAuthCredentialRequest - messagesBackupAuthCredentialRequest type: object properties: messagesBackupAuthCredentialRequest: type: string description: | A BackupAuthCredentialRequest containing a blinded encrypted backup-id, encoded in standard padded base64. This backup-id should be used for message backups only, and must have the message backup type set on the credential. mediaBackupAuthCredentialRequest: type: string description: | A BackupAuthCredentialRequest containing a blinded encrypted backup-id, encoded in standard padded base64. This backup-id should be used for media only, and must have the media type set on the credential. SetPublicKeyRequest: type: object properties: publicKey: type: string description: | The public key, serialized in libsignal's elliptic-curve public key format and then encoded as a standard (i.e. not URL-safe), padded, base64-encoded string. AttachmentDescriptorV3: type: object properties: cdn: type: integer description: | Indicates the CDN type. 2 in the v3 API, 2 or 3 in the v4 API. 2 indicates resumable uploads using GCS, 3 indicates resumable uploads using TUS format: int32 key: type: string description: The location within the specified cdn where the finished upload can be found headers: type: object additionalProperties: type: string description: A map of headers to include with all upload requests. Potentially contains time-limited upload credentials description: A map of headers to include with all upload requests. Potentially contains time-limited upload credentials signedUploadLocation: type: string description: The URL to upload to with the appropriate protocol CreateCallLinkCredential: type: object properties: credential: type: string format: byte redemptionTime: type: integer format: int64 GetCreateCallLinkCredentialsRequest: required: - createCallLinkCredentialRequest type: object properties: createCallLinkCredentialRequest: type: string format: byte GetCallingRelaysResponse: type: object properties: relays: type: array items: $ref: '#/components/schemas/TurnToken' TurnToken: type: object properties: username: type: string password: type: string urls: type: array items: type: string urlsWithIps: type: array items: type: string hostname: type: string ttl: type: integer format: int64 DeliveryCertificate: type: object properties: certificate: type: string format: byte CallLinkAuthCredential: type: object properties: credential: type: string format: byte redemptionTime: type: integer format: int64 GroupCredential: type: object properties: credential: type: string format: byte redemptionTime: type: integer format: int64 GroupCredentials: type: object properties: credentials: type: array items: $ref: '#/components/schemas/GroupCredential' callLinkAuthCredentials: type: array items: $ref: '#/components/schemas/CallLinkAuthCredential' pni: type: string format: uuid AnswerPushChallengeRequest: required: - challenge type: object allOf: - $ref: '#/components/schemas/AnswerChallengeRequest' - type: object properties: challenge: type: string description: A token provided to the client via a push payload AnswerCaptchaChallengeRequest: required: - captcha - token type: object allOf: - $ref: '#/components/schemas/AnswerChallengeRequest' - type: object properties: token: type: string description: The value of the token field from the server's 428 response captcha: type: string description: A string representing a solved captcha example: signal-hcaptcha.30b01b46-d8c9-4c30-bbd7-9719acfe0c10.challenge.abcdefg1345 AnswerChallengeRequest: required: - type type: object properties: type: type: string discriminator: propertyName: type ChallengeResponse: type: object properties: challenge: type: string description: A challenge to use when generating attestations or assertions AssertionRequest: type: object properties: challenge: type: string description: The challenge retrieved at `GET /v1/devicecheck/assert` action: type: string description: The type of action you'd like to perform with this assert enum: - backup LinkDeviceToken: type: object properties: tokenIdentifier: type: string description: | An opaque identifier for the generated token that the caller may use to watch for a new device to complete the linking process. verificationCode: type: string description: | An opaque token to send to a new linked device that authorizes the new device to link itself to the account that requested this token. DeviceInfo: type: object properties: id: type: integer format: int64 name: type: string format: byte lastSeen: type: integer format: int64 created: type: integer format: int64 DeviceInfoList: type: object properties: devices: type: array items: $ref: '#/components/schemas/DeviceInfo' LinkDeviceResponse: type: object properties: uuid: type: string format: uuid pni: type: string format: uuid deviceId: type: string format: byte BasicAuthorizationHeader: type: object properties: username: type: string deviceId: type: integer format: int64 password: type: string DeviceActivationRequest: required: - aciPqLastResortPreKey - aciSignedPreKey - pniPqLastResortPreKey - pniSignedPreKey type: object properties: aciSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pniSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' aciPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' pniPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' apnToken: $ref: '#/components/schemas/ApnRegistrationId' gcmToken: $ref: '#/components/schemas/GcmRegistrationId' LinkDeviceRequest: required: - aciPqLastResortPreKey - aciSignedPreKey - pniPqLastResortPreKey - pniSignedPreKey - verificationCode type: object properties: verificationCode: type: string description: | The verification code associated with this device. Must match the verification code provided by the server when provisioning this device. accountAttributes: $ref: '#/components/schemas/AccountAttributes' aciSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pniSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' aciPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' pniPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' apnToken: $ref: '#/components/schemas/ApnRegistrationId' gcmToken: $ref: '#/components/schemas/GcmRegistrationId' RestoreAccountRequest: required: - method type: object properties: method: type: string description: The method by which the new device has requested account data restoration enum: - REMOTE_BACKUP - LOCAL_BACKUP - DEVICE_TRANSFER - DECLINE deviceTransferBootstrap: maxLength: 4096 minLength: 0 type: string description: "Additional data to use to bootstrap a connection between devices,\ \ in standard unpadded base64." description: | Represents a request from a new device to restore account data by some method. RemoteAttachmentError: required: - error type: object properties: error: type: string description: The type of error encountered enum: - RELINK_REQUESTED - CONTINUE_WITHOUT_UPLOAD description: Indicates an attachment failed to upload TransferArchiveResult: type: object description: | The location of the transfer archive if the archive was successfully uploaded, otherwise a error indicating that the upload has failed and the destination device should stop waiting oneOf: - $ref: '#/components/schemas/RemoteAttachment' - $ref: '#/components/schemas/RemoteAttachmentError' TransferArchiveUploadedRequest: required: - transferArchive type: object properties: destinationDeviceId: type: string description: The ID of the device for which the transfer archive has been prepared format: byte destinationDeviceCreated: type: integer description: "The timestamp, in milliseconds since the epoch, at which the\ \ destination device was created" format: int64 transferArchive: $ref: '#/components/schemas/TransferArchiveResult' RedeemReceiptRequest: required: - receiptCredentialPresentation type: object properties: receiptCredentialPresentation: type: string format: byte visible: type: boolean primary: type: boolean WebSocketClient: type: object properties: created: type: string format: date-time userAgent: type: string open: type: boolean WebSocketSessionContext: type: object properties: authenticated: type: object client: $ref: '#/components/schemas/WebSocketClient' KeyTransparencyDistinguishedKeyResponse: required: - serializedResponse type: object properties: serializedResponse: type: string description: The serialized `DistinguishedResponse` encoded in standard un-padded base64 format: byte KeyTransparencyMonitorResponse: required: - serializedResponse type: object properties: serializedResponse: type: string description: The serialized `MonitorResponse` encoded in standard un-padded base64 format: byte AciMonitor: required: - commitmentIndex - value type: object properties: value: type: string description: An identifier for an account based on the account's ACI entryPosition: type: integer description: A log tree position maintained by the client for the aci. format: int64 commitmentIndex: type: string description: "The commitment index derived from a previous search request,\ \ encoded in standard unpadded base64" format: byte E164Monitor: required: - commitmentIndex - value type: object properties: value: type: string description: The e164-formatted phone number to monitor entryPosition: type: integer description: A log tree position maintained by the client for the e164. format: int64 commitmentIndex: type: string description: "The commitment index derived from a previous search request,\ \ encoded in standard unpadded base64" format: byte KeyTransparencyMonitorRequest: required: - aci - e164 - usernameHash type: object properties: aci: $ref: '#/components/schemas/AciMonitor' e164: $ref: '#/components/schemas/E164Monitor' usernameHash: $ref: '#/components/schemas/UsernameHashMonitor' lastNonDistinguishedTreeHeadSize: type: integer description: The tree head size to prove consistency against. format: int64 lastDistinguishedTreeHeadSize: type: integer description: The distinguished tree head size to prove consistency against. format: int64 UsernameHashMonitor: required: - commitmentIndex - value type: object properties: value: type: string description: "The username hash to monitor, encoded in url-safe unpadded\ \ base64." format: byte entryPosition: type: integer description: A log tree position maintained by the client for the username hash. format: int64 commitmentIndex: type: string description: "The commitment index derived from a previous search request,\ \ encoded in standard unpadded base64" format: byte KeyTransparencySearchResponse: required: - serializedResponse type: object properties: serializedResponse: type: string description: The serialized `SearchResponse` encoded in standard un-padded base64. format: byte KeyTransparencySearchRequest: required: - aci - aciIdentityKey type: object properties: aci: type: string description: An identifier for an account based on the account's ACI e164: type: string description: The E164-formatted phone number to look up usernameHash: type: string description: "The username hash to look up, encoded in web-safe unpadded\ \ base64." format: byte aciIdentityKey: $ref: '#/components/schemas/IdentityKey' unidentifiedAccessKey: type: string description: The unidentified access key associated with the account format: byte lastTreeHeadSize: type: integer description: The non-distinguished tree head size to prove consistency against. format: int64 distinguishedTreeHeadSize: type: integer description: The distinguished tree head size to prove consistency against. format: int64 unidentifiedAccessKeyProvidedWithE164: type: boolean CheckKeysRequest: required: - digest - identityType type: object properties: identityType: type: string description: | The identity type for which to check for a shared view of repeated-use keys enum: - ACI - PNI digest: type: string description: | A 32-byte digest of the client's repeated-use keys for the given identity type. The digest is calculated as: SHA256(identityKeyBytes || signedEcPreKeyId || signedEcPreKeyIdBytes || lastResortKeyId || lastResortKeyBytes) …where the elements of the hash are: - identityKeyBytes: the serialized form of the client's public identity key as produced by libsignal (i.e. one version byte followed by 32 bytes of key material for a total of 33 bytes) - signedEcPreKeyId: an 8-byte, big-endian representation of the ID of the client's signed EC pre-key - signedEcPreKeyBytes: the serialized form of the client's signed EC pre-key as produced by libsignal (i.e. one version byte followed by 32 bytes of key material for a total of 33 bytes) - lastResortKeyId: an 8-byte, big-endian representation of the ID of the client's last-resort Kyber key - lastResortKeyBytes: the serialized form of the client's last-resort Kyber key as produced by libsignal (i.e. one version byte followed by 1568 bytes of key material for a total of 1569 bytes) format: byte ECPreKey: type: object properties: keyId: type: integer description: | An arbitrary ID for this key, which will be provided by peers using this key to encrypt messages so the private key can be looked up. Should not be zero. Should be less than 2^24. format: int64 publicKey: type: string description: | The public key, serialized in libsignal's elliptic-curve public key format and then base64-encoded. description: | A list of unsigned elliptic-curve prekeys to use for this device. If present and not empty, replaces all stored unsigned EC prekeys for the device; if absent or empty, any stored unsigned EC prekeys for the device are not deleted. PreKeyResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' devices: type: array description: information about each requested device items: $ref: '#/components/schemas/PreKeyResponseItem' PreKeyResponseItem: type: object properties: deviceId: type: string description: the device ID of the device to which this item pertains format: byte registrationId: type: integer description: the registration ID for the device format: int32 signedPreKey: $ref: '#/components/schemas/ECSignedPreKey' preKey: $ref: '#/components/schemas/ECPreKey' pqPreKey: $ref: '#/components/schemas/KEMSignedPreKey' description: information about each requested device Anonymous: type: object properties: accessKey: type: string format: byte GroupSendFullToken: type: object properties: expiration: type: string format: date-time internalContentsForJNI: type: string format: byte GroupSendTokenHeader: type: object properties: token: $ref: '#/components/schemas/GroupSendFullToken' PreKeyCount: type: object properties: count: type: integer description: the number of stored unsigned elliptic-curve prekeys for this device format: int32 pqCount: type: integer description: the number of stored one-time post-quantum prekeys for this device format: int32 SetKeysRequest: required: - pqPreKeys - preKeys type: object properties: preKeys: maxItems: 100 minItems: 0 type: array description: | A list of unsigned elliptic-curve prekeys to use for this device. If present and not empty, replaces all stored unsigned EC prekeys for the device; if absent or empty, any stored unsigned EC prekeys for the device are not deleted. items: $ref: '#/components/schemas/ECPreKey' signedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pqPreKeys: maxItems: 100 minItems: 0 type: array description: | A list of signed post-quantum one-time prekeys to use for this device. Each key must have a valid signature from the identity key in this request. If present and not empty, replaces all stored unsigned PQ prekeys for the device; if absent or empty, any stored unsigned PQ prekeys for the device are not deleted. items: $ref: '#/components/schemas/KEMSignedPreKey' pqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' SpamReport: type: object properties: token: type: string format: byte IncomingMessageList: required: - messages type: object properties: messages: type: array items: $ref: '#/components/schemas/IncomingMessage' online: type: boolean urgent: type: boolean timestamp: maximum: 8640000000000000 type: integer format: int64 SendMultiRecipientMessageResponse: type: object properties: uuids404: type: array description: a list of the service identifiers in the request that do not correspond to registered Signal users; will only be present if a group send endorsement was supplied for the request items: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. AccountMismatchedDevices: type: object properties: uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. devices: $ref: '#/components/schemas/MismatchedDevicesResponse' AccountStaleDevices: type: object properties: uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. devices: $ref: '#/components/schemas/StaleDevicesResponse' CombinedUnidentifiedSenderAccessKeys: type: object properties: accessKeys: type: string format: byte Recipient: type: object properties: devices: type: string format: byte devicesAndRegistrationIds: type: object properties: parallel: type: boolean SealedSenderMultiRecipientMessage: type: object properties: recipients: type: object additionalProperties: $ref: '#/components/schemas/Recipient' excludedRecipients: type: array items: $ref: '#/components/schemas/ServiceId' ServiceId: type: object properties: rawUUID: type: string format: uuid ConfirmPayPalBoostRequest: required: - amount - currency - payerId - paymentId - paymentToken type: object properties: currency: maxLength: 3 minLength: 3 type: string amount: minimum: 1 type: integer description: "The amount to pay in the [currency's minor unit](https://docs.stripe.com/currencies#minor-units)" format: int64 level: type: integer description: The level for the boost payment. Assumed to be the boost level if missing format: int64 paymentMethod: type: string description: The payment method default: CARD enum: - UNKNOWN - CARD - PAYPAL - SEPA_DEBIT - IDEAL - GOOGLE_PLAY_BILLING - APPLE_APP_STORE payerId: type: string paymentId: type: string paymentToken: type: string CreateBoostResponse: type: object properties: clientSecret: type: string description: A client secret that can be used to complete a stripe PaymentIntent CreateBoostRequest: required: - amount - currency type: object properties: currency: maxLength: 3 minLength: 3 type: string amount: minimum: 1 type: integer description: "The amount to pay in the [currency's minor unit](https://docs.stripe.com/currencies#minor-units)" format: int64 level: type: integer description: The level for the boost payment. Assumed to be the boost level if missing format: int64 paymentMethod: type: string description: The payment method default: CARD enum: - UNKNOWN - CARD - PAYPAL - SEPA_DEBIT - IDEAL - GOOGLE_PLAY_BILLING - APPLE_APP_STORE CreateBoostReceiptCredentialsRequest: required: - paymentIntentId - processor - receiptCredentialRequest type: object properties: paymentIntentId: type: string receiptCredentialRequest: type: string format: byte processor: type: string enum: - STRIPE - BRAINTREE - GOOGLE_PLAY_BILLING - APPLE_APP_STORE CreatePayPalBoostRequest: required: - amount - cancelUrl - currency - returnUrl type: object properties: currency: maxLength: 3 minLength: 3 type: string amount: minimum: 1 type: integer description: "The amount to pay in the [currency's minor unit](https://docs.stripe.com/currencies#minor-units)" format: int64 level: type: integer description: The level for the boost payment. Assumed to be the boost level if missing format: int64 paymentMethod: type: string description: The payment method default: CARD enum: - UNKNOWN - CARD - PAYPAL - SEPA_DEBIT - IDEAL - GOOGLE_PLAY_BILLING - APPLE_APP_STORE returnUrl: type: string cancelUrl: type: string CurrencyConversionEntity: type: object properties: base: type: string conversions: type: object additionalProperties: type: number CurrencyConversionEntityList: type: object properties: currencies: type: array items: $ref: '#/components/schemas/CurrencyConversionEntity' timestamp: type: integer format: int64 Badge: type: object properties: id: type: string category: type: string name: type: string description: type: string sprites6: type: array items: type: string svg: type: string svgs: type: array items: $ref: '#/components/schemas/BadgeSvg' imageUrl: type: string description: The displayable badge associated with the level BadgeSvg: required: - dark - light type: object properties: light: type: string dark: type: string BaseProfileResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' unidentifiedAccess: type: string format: byte unrestrictedUnidentifiedAccess: type: boolean capabilities: type: object additionalProperties: type: boolean badges: type: array items: $ref: '#/components/schemas/Badge' uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. VersionedProfileResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' unidentifiedAccess: type: string format: byte unrestrictedUnidentifiedAccess: type: boolean capabilities: type: object additionalProperties: type: boolean badges: type: array items: $ref: '#/components/schemas/Badge' uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. name: type: string format: byte about: type: string format: byte aboutEmoji: type: string format: byte avatar: type: string paymentAddress: type: string format: byte phoneNumberSharing: type: string format: byte CredentialProfileResponse: type: object properties: identityKey: $ref: '#/components/schemas/IdentityKey' unidentifiedAccess: type: string format: byte unrestrictedUnidentifiedAccess: type: boolean capabilities: type: object additionalProperties: type: boolean badges: type: array items: $ref: '#/components/schemas/Badge' uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. name: type: string format: byte about: type: string format: byte aboutEmoji: type: string format: byte avatar: type: string paymentAddress: type: string format: byte phoneNumberSharing: type: string format: byte BatchIdentityCheckResponse: type: object properties: elements: type: array items: $ref: '#/components/schemas/Element' Element: required: - fingerprint - uuid type: object properties: uuid: type: string description: A service identifier is a tuple of a UUID and identity type that identifies an account and identity within the Signal service. fingerprint: type: string format: byte BatchIdentityCheckRequest: required: - elements type: object properties: elements: maxItems: 1000 minItems: 0 type: array items: $ref: '#/components/schemas/Element' CreateProfileRequest: required: - commitment - version type: object properties: commitment: $ref: '#/components/schemas/ProfileKeyCommitment' version: type: string name: type: string format: byte aboutEmoji: type: string format: byte about: type: string format: byte paymentAddress: type: string format: byte sameAvatar: type: boolean phoneNumberSharing: type: string format: byte avatarChange: type: string enum: - UNCHANGED - CLEAR - UPDATE avatar: type: boolean badgeIds: type: array items: type: string ProfileKeyCommitment: type: object properties: internalContentsForJNI: type: string format: byte ProvisioningMessage: required: - body type: object properties: body: type: string description: The MIME base64-encoded body of the provisioning message to send to the destination device AccountCreationResponse: type: object properties: uuid: type: string description: the account identifier for this account format: uuid number: type: string description: the phone number associated with this account pni: type: string description: the account identifier for this account's phone-number identity format: uuid usernameHash: type: string description: "a hash of this account's username, if set" format: byte usernameLinkHandle: type: string description: "this account's username link handle, if set" format: uuid storageCapable: type: boolean description: whether any of this account's devices support storage entitlements: $ref: '#/components/schemas/Entitlements' reregistration: type: boolean description: "If true, there was an existing account registered for this\ \ number" RegistrationRequest: required: - accountAttributes - aciIdentityKey - aciPqLastResortPreKey - aciSignedPreKey - pniIdentityKey - pniPqLastResortPreKey - pniSignedPreKey - skipDeviceTransfer type: object properties: sessionId: type: string description: | The ID of an existing verification session as it appears in a verification session metadata object. Must be provided if `recoveryPassword` is not provided; must not be provided if `recoveryPassword` is provided. recoveryPassword: type: string description: | A base64-encoded registration recovery password. Must be provided if `sessionId` is not provided; must not be provided if `sessionId` is provided format: byte accountAttributes: $ref: '#/components/schemas/AccountAttributes' skipDeviceTransfer: type: boolean description: | If true, indicates that the end user has elected not to transfer data from another device even though a device transfer is technically possible given the capabilities of the calling device and the device associated with the existing account (if any). If false and if a device transfer is technically possible, the registration request will fail with an HTTP/409 response indicating that the client should prompt the user to transfer data from an existing device. aciIdentityKey: $ref: '#/components/schemas/IdentityKey' pniIdentityKey: $ref: '#/components/schemas/IdentityKey' aciSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' pniSignedPreKey: $ref: '#/components/schemas/ECSignedPreKey' aciPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' pniPqLastResortPreKey: $ref: '#/components/schemas/KEMSignedPreKey' apnToken: $ref: '#/components/schemas/ApnRegistrationId' gcmToken: $ref: '#/components/schemas/GcmRegistrationId' valid: type: boolean UserRemoteConfig: type: object properties: name: type: string description: Name of the configuration example: android.exampleFeature enabled: type: boolean description: Whether the configuration is enabled for the user value: type: string description: "The value to be used for the configuration, if it is a non-boolean\ \ type" description: List of remote configurations applicable to the user UserRemoteConfigList: type: object properties: config: type: array description: List of remote configurations applicable to the user items: $ref: '#/components/schemas/UserRemoteConfig' serverEpochTime: type: string description: | Timestamp when the configuration was generated. Deprecated in favor of `X-Signal-Timestamp` response header. format: date-time deprecated: true AuthCheckResponseV2: required: - matches type: object properties: matches: type: object additionalProperties: type: string description: "A dictionary with the auth check results: `SVR Credentials\ \ -> 'match'/'no-match'/'invalid'`" enum: - match - no-match - invalid description: "A dictionary with the auth check results: `SVR Credentials\ \ -> 'match'/'no-match'/'invalid'`" AuthCheckRequest: required: - number - tokens type: object properties: number: type: string description: The e164-formatted phone number. tokens: maxItems: 10 minItems: 0 type: array description: |- A list of SVR tokens, previously retrieved from `backup/auth`. Tokens should be the of the form "username:password". May contain at most 10 tokens. items: type: string description: |- A list of SVR tokens, previously retrieved from `backup/auth`. Tokens should be the of the form "username:password". May contain at most 10 tokens. StickerPackFormUploadAttributes: type: object properties: manifest: $ref: '#/components/schemas/StickerPackFormUploadItem' stickers: type: array items: $ref: '#/components/schemas/StickerPackFormUploadItem' packId: type: string StickerPackFormUploadItem: type: object properties: id: type: integer format: int32 key: type: string credential: type: string acl: type: string algorithm: type: string date: type: string policy: type: string signature: type: string CreatePayPalBillingAgreementRequest: required: - cancelUrl - returnUrl type: object properties: returnUrl: type: string cancelUrl: type: string GetReceiptCredentialsRequest: required: - receiptCredentialRequest type: object properties: receiptCredentialRequest: type: string format: byte BackupConfiguration: type: object properties: levels: type: object additionalProperties: $ref: '#/components/schemas/BackupLevelConfiguration' description: A map of numeric backup level IDs to level-specific backup configuration freeTierMediaDays: type: integer description: The number of days of media a free tier backup user gets format: int64 description: Backup specific configuration BackupLevelConfiguration: type: object properties: storageAllowanceBytes: type: integer description: The amount of media storage in bytes that a paying subscriber may store format: int64 playProductId: type: string description: The play billing productID associated with this backup level mediaTtlDays: type: integer description: "The duration, in days, for which your backed up media is retained\ \ on the server after you stop refreshing with a paid credential" format: int64 description: Configuration for a backup level - use to present appropriate client interfaces CurrencyConfiguration: type: object properties: minimum: type: number description: The minimum amount that may be submitted for a one-time donation in the currency oneTime: type: object additionalProperties: type: array description: A map of numeric one-time donation level IDs to the list of default amounts to be presented items: type: number description: A map of numeric one-time donation level IDs to the list of default amounts to be presented description: A map of numeric one-time donation level IDs to the list of default amounts to be presented subscription: type: object additionalProperties: type: number description: A map of numeric subscription level IDs to the amount charged for that level description: A map of numeric subscription level IDs to the amount charged for that level backupSubscription: type: object additionalProperties: type: number description: A map of numeric backup level IDs to the amount charged for that level description: A map of numeric backup level IDs to the amount charged for that level supportedPaymentMethods: type: array description: The payment methods that support the given currency items: type: string description: The payment methods that support the given currency description: Configuration for a currency - use to present appropriate client interfaces GetSubscriptionConfigurationResponse: type: object properties: currencies: type: object additionalProperties: $ref: '#/components/schemas/CurrencyConfiguration' description: A map of lower-cased ISO 3 currency codes to minimums and level-specific scalar amounts levels: type: object additionalProperties: $ref: '#/components/schemas/LevelConfiguration' description: A map of numeric donation level IDs to level-specific badge configuration backup: $ref: '#/components/schemas/BackupConfiguration' sepaMaximumEuros: type: number description: The maximum value of a one-time donation SEPA transaction description: |- Comprehensive configuration for donation subscriptions, backup subscriptions, gift subscriptions, and one-time donations pricing information for all levels are included in currencies. All levels that have an associated badge are included in levels. All levels that correspond to a backup payment tier are included in backupLevels. LevelConfiguration: type: object properties: name: type: string description: The localized name for the level badge: $ref: '#/components/schemas/Badge' description: Configuration for a donation level - use to present appropriate client interfaces ChargeFailure: type: object properties: code: type: string description: | See [Stripe failure codes](https://stripe.com/docs/api/charges/object#charge_object-failure_code) or [Braintree decline codes](https://developer.paypal.com/braintree/docs/reference/general/processor-responses/authorization-responses#decline-codes) depending on which processor was used message: type: string description: | See [Stripe failure codes](https://stripe.com/docs/api/charges/object#charge_object-failure_code) or [Braintree decline codes](https://developer.paypal.com/braintree/docs/reference/general/processor-responses/authorization-responses#decline-codes) depending on which processor was used outcomeNetworkStatus: type: string externalDocs: description: Outcome Network Status url: https://stripe.com/docs/api/charges/object#charge_object-outcome-network_status outcomeReason: type: string externalDocs: description: Outcome Reason url: https://stripe.com/docs/api/charges/object#charge_object-outcome-reason outcomeType: type: string externalDocs: description: Outcome Type url: https://stripe.com/docs/api/charges/object#charge_object-outcome-type description: |2 Meaningfully interpreting chargeFailure response fields requires inspecting the processor field first. For Stripe, code will be one of the [codes defined here](https://stripe.com/docs/api/charges/object#charge_object-failure_code), while message [may contain a further textual description](https://stripe.com/docs/api/charges/object#charge_object-failure_message). The outcome fields are nullable, but present values will directly map to Stripe [response properties](https://stripe.com/docs/api/charges/object#charge_object-outcome-network_status) For Braintree, the outcome fields will be null. The code and message will contain one of - a processor decline code (as a string) in code, and associated text in message, as defined this [table](https://developer.paypal.com/braintree/docs/reference/general/processor-responses/authorization-responses) - `gateway` in code, with a [reason](https://developer.paypal.com/braintree/articles/control-panel/transactions/gateway-rejections) in message - `code` = "unknown", message = "unknown" IAP payment processors will never include charge failure information, and detailed order information should be retrieved from the payment processor directly GetSubscriptionInformationResponse: type: object properties: subscription: $ref: '#/components/schemas/Subscription' chargeFailure: $ref: '#/components/schemas/ChargeFailure' Subscription: type: object properties: level: type: integer description: The subscription level format: int64 billingCycleAnchor: type: string description: "If present, UNIX Epoch Timestamp in seconds, can be used to\ \ calculate next billing date." format: date-time externalDocs: description: Calculate next billing date url: https://stripe.com/docs/billing/subscriptions/billing-cycle endOfCurrentPeriod: type: string description: "UNIX Epoch Timestamp in seconds, when the current subscription\ \ period ends" format: date-time active: type: boolean description: Whether there is a currently active subscription cancelAtPeriodEnd: type: boolean description: "If true, an active subscription will not auto-renew at the\ \ end of the current period" currency: type: string description: A three-letter ISO 4217 currency code for currency used in the subscription amount: type: number description: The amount paid for the subscription in the currency's smallest unit externalDocs: description: Stripe Currencies url: https://docs.stripe.com/currencies status: type: string description: "The subscription's status, mapped to Stripe's statuses. trialing\ \ will never be returned" externalDocs: description: Stripe subscription statuses url: https://docs.stripe.com/billing/subscriptions/overview#subscription-statuses processor: type: string description: The payment provider associated with the subscription enum: - STRIPE - BRAINTREE - GOOGLE_PLAY_BILLING - APPLE_APP_STORE paymentMethod: type: string description: The payment method associated with the subscription enum: - UNKNOWN - CARD - PAYPAL - SEPA_DEBIT - IDEAL - GOOGLE_PLAY_BILLING - APPLE_APP_STORE paymentProcessing: type: boolean description: Whether the latest invoice for the subscription is in a non-terminal state description: "Information about the subscription, or null if no subscription\ \ is present" VerificationSessionResponse: required: - allowedToRequestCode - id - verified type: object properties: id: type: string description: A URL-safe ID for the session nextSms: type: integer description: Duration in seconds after which next SMS can be requested for this session format: int64 nextCall: type: integer description: Duration in seconds after which next voice call can be requested for this session format: int64 nextVerificationAttempt: type: integer description: Duration in seconds after which the client can submit a verification code for this session format: int64 allowedToRequestCode: type: boolean description: Whether it is allowed to request a verification code for this session requestedInformation: type: array description: A list of requested information that the client needs to submit before requesting code delivery items: type: string description: A list of requested information that the client needs to submit before requesting code delivery enum: - pushChallenge - captcha verified: type: boolean description: Whether this session is verified CreateVerificationSessionRequest: required: - number type: object properties: number: type: string description: The e164-formatted phone number to be verified pushToken: type: string description: The APNs or FCM device token to which a push challenge can be sent pushTokenType: type: string description: The type of push token enum: - apn - fcm pushChallenge: type: string description: Value received by the device in the push challenge captcha: type: string description: Captcha token returned after solving a captcha challenge mcc: type: string description: Mobile country code of the phone subscriber mnc: type: string description: Mobile network code of the phone subscriber UpdateVerificationSessionRequest: type: object properties: pushToken: type: string description: The APNs or FCM device token to which a push challenge can be sent pushTokenType: type: string description: The type of push token enum: - apn - fcm pushChallenge: type: string description: Value received by the device in the push challenge captcha: type: string description: Captcha token returned after solving a captcha challenge mcc: type: string description: Mobile country code of the phone subscriber mnc: type: string description: Mobile network code of the phone subscriber SendVerificationCodeFailureResponse: type: object properties: reason: type: string enum: - providerUnavailable - providerRejected - illegalArgument permanentFailure: type: boolean VerificationCodeRequest: required: - client - transport type: object properties: transport: type: string description: Transport via which to send the verification code enum: - sms - voice client: type: string description: Client type to facilitate platform-specific SMS verification SubmitVerificationCodeRequest: required: - code type: object properties: code: type: string securitySchemes: authenticatedAccount: type: http description: "Account authentication is based on Basic authentication schema,\ \ \nwhere `username` has a format of `[.]`. If `device_id`\ \ is not specified,\nuser's `main` device is assumed.\n" scheme: basic